Critical Bug Advisory: Authentication Failures #377

pemari-msft · 2020-12-31T04:32:18Z

Due to a latent bug in the CPP REST SDK, date strings are being incorrectly generated as a part of storage requests. This means that requests originating today, 31 December 2020 (UTC) will see persistent 403 errors returned from the storage service. The fix in the underlying CPP REST SDK is being released (2.10.17). Please upgrade your dependency on CPP REST SDK to 2.10.17 ASAP to mitigate this issue according to the instructions in the comment below. Bearer token authentication is not affected. The issue will also self-mitigate on 1 Jan 2021. We apologize for the inconvenience.

vinjiang · 2020-12-31T05:59:13Z

To apply the fix in your application,

If you're using vcpkg to install azure-storage-cpp package, we recommend you upgrade vcpkg to latest and reinstall azure-storage-cpp and cpprestsdk. Note that this will also upgrade azure-storage-cpp to the latest version of 7.5.0.
If you build azure-storage-cpp and cpprest from source code by yourself. You should download the latest cpprest sdk (2.10.17), build and overwrite the older version. You don't need to upgrade azure-storage-cpp package in this case.

rhythmnewt · 2020-12-31T17:33:20Z

Thank you for this solution. We're working on rolling out a fix in our environments.

vinjiang pinned this issue Dec 31, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Critical Bug Advisory: Authentication Failures #377

Critical Bug Advisory: Authentication Failures #377

pemari-msft commented Dec 31, 2020 •

edited by vinjiang

vinjiang commented Dec 31, 2020

rhythmnewt commented Dec 31, 2020

Critical Bug Advisory: Authentication Failures #377

Critical Bug Advisory: Authentication Failures #377

Comments

pemari-msft commented Dec 31, 2020 • edited by vinjiang

vinjiang commented Dec 31, 2020

rhythmnewt commented Dec 31, 2020

pemari-msft commented Dec 31, 2020 •

edited by vinjiang