The Security Ledger Podcast

The Security Ledger Podcast

Episode 225: Unpacking the Azure CHAOS DB Flaw with Nir Ohfeld of Wiz

September 06, 2021

In this episode of the podcast (#225) we’re joined by Nir Ohfeld, a Senior Security Researcher at the firm Wiz. Nir helped discover the recent CHAOS DB flaw in COSMOS DB, the flagship database for Microsoft’s Azure cloud platform. Nir and I discuss the implications of the flaw, what steps organizations should take to limit their exposure and the larger issue of cloud insecurity.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to to get notified whenever a new podcast is posted. 


A flight to the cloud is one of the most salient technology trends of the last decade. With each passing month, more and more organizations are swapping out on premises applications and platforms for their cloud based alternatives: GSuite or Office 365 for Office, Azure AD for Active Directory, Workday and Salesforce for SAP and Oracle…and on and on. 

But there are security trade offs that go along with cloud migration. And the past week made that abundantly clear, after Microsoft and security researchers from the firm Wiz revealed a critical flaw in COSMOS DB,  Microsoft’s Azure flagship database, which Wiz named “CHAOS DB.” 

Episode 152: What the Silex Malware says about IoT Insecurity and Cloud Security CEO Steve Mullaney on Amazon ReInforce

Nir Ohfeld is a Senior Security Researcher at Wiz.

CHAOS DB: The Crown Jewel of Hacks

According to a report by researchers from Wiz, a flaw in the Jupyter Notebook, a common component of COSMOS DB,  opened thousands of Microsoft Azure customers to a “trivial” remote compromise that could have provided remote attackers with full administrative access (read, write, delete) to other customers Cosmos DB instances without authorization. The vulnerability  impacts thousands of organizations, including numerous Fortune 500 companies, Wiz reported. That prompted a warning by Microsoft, who also disabled the Jupyter Notebook feature on COSMOS DB just days after receiving the Wiz report...