Severity

high

Extracting Managed Identity Credentials from Azure Functions

Published Thu, Nov 16th, 2023

Platforms

azure

Summary

A vulnerability in Azure Function Apps allowed the Managed Identity credentials to be extracted from the encrypted startup context of the Linux containers that run the functions. An attacker who already had access to such a container could use the extracted credentials to persist as the Managed Identity, breaking the intended security model in which the identity is bound to the running Function App. Microsoft has since patched the issue by encrypting the sensitive payload.

Affected Services

Azure Functions, Managed Identities

Remediation

None required. Microsoft has addressed the issue on their end.

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Wed, Jul 12th, 2023

Exploitability Period

Until 2023/11/11

Known ITW Exploitation

-

Detection Methods

Monitor for unexpected authentication attempts using Managed Identity certificates, especially from IP addresses not associated with the Function App.

Piercing Index Rating

-

Discovered by

Karl Fosaaen, NetSPI