high

Extracting Managed Identity Credentials from Azure Functions

Published Thu, Nov 16th, 2023

Summary

A vulnerability in Azure Function Apps allowed Managed Identity credentials to be extracted from the encrypted startup context of the Linux containers backing a Function App. An attacker who already had access to the container could use those credentials to persist as the Managed Identity, breaking the intended security model. Microsoft has since patched the issue by encrypting the sensitive payload.

Affected Services

Azure Functions, Managed Identities

Remediation

None required. Microsoft has addressed the issue on its side.

Tracked CVEs

No tracked CVEs

References

Entry Status
Stub (AI-Generated)
Disclosure Date
Wed, Jul 12th, 2023
Exploitability Period
Until 2023/11/11
Known ITW Exploitation
-
Detection Methods
Monitor for unexpected authentication attempts using Managed Identity certificates, especially from IP addresses not associated with the Function App.
Piercing Index Rating
-
Discovered by
Karl Fosaaen, NetSPI