high

CredManifest (Azure AD keyCredential property information disclosure)

Published Wed, Nov 17th, 2021
Platforms

Summary

Automation Account 'Run as' credentials (PFX certificates, private key included) were stored in cleartext in Azure Active Directory (AAD), in the keyCredentials property of the associated App Registration. These credentials were readable by anyone with permission to read App Registration information, which by default is most users in the tenant.
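A triage check for this class of exposure, added here as an example and not part of the advisory or of NetSPI's tooling: it scans exported App Registration manifests and flags keyCredentials entries whose blob is a PKCS#12/PFX, PKCS#8, PKCS#1 or PEM private key rather than a bare DER X.509 certificate. It reads the legacy manifest field `value` and the Microsoft Graph field `key` (both assumptions about the export format), and the manifests, app IDs and key blobs are constructed stand-ins with the correct outer ASN.1 shape, not real keys or certificates.

```python
"""Flag keyCredentials entries that carry private-key material.
Hypothetical example code; manifests and blobs below are constructed."""
import base64
import binascii
import json

# OID 1.2.840.113549.1.7.1 (pkcs7-data): first element of a PFX authSafe.
OID_PKCS7_DATA = bytes.fromhex("2a864886f70d010701")
PRIVATE_KINDS = {"pkcs12", "pkcs8-private-key", "pkcs1-rsa-private-key", "pem-private-key"}


def _der_header(buf: bytes, pos: int):
    """Parse one DER tag/length at buf[pos]; return (tag, length, content_start)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, first, pos + 2
    n = first & 0x7F                      # long-form: n length bytes follow
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n


def classify_key_blob(raw: bytes) -> str:
    """Classify a decoded keyCredentials blob by its outer PEM / ASN.1 shape."""
    text = raw.lstrip()
    if text.startswith(b"-----BEGIN"):
        head = text.split(b"\n", 1)[0]
        return "pem-private-key" if b"PRIVATE KEY" in head else "pem-certificate"
    if not raw or raw[0] != 0x30:         # every structure handled here is an outer SEQUENCE
        return "unknown"
    try:
        _, _, pos = _der_header(raw, 0)
        tag, ln, nxt = _der_header(raw, pos)
        if tag == 0x30:                   # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
            return "certificate"
        if tag != 0x02:
            return "unknown"
        version = raw[nxt:nxt + ln]
        tag2, _, nxt2 = _der_header(raw, nxt + ln)
        if version == b"\x03" and tag2 == 0x30:   # PFX ::= SEQUENCE { version 3, authSafe, ... }
            tag3, ln3, nxt3 = _der_header(raw, nxt2)
            if tag3 == 0x06 and raw[nxt3:nxt3 + ln3] == OID_PKCS7_DATA:
                return "pkcs12"
        if version == b"\x00" and tag2 == 0x30:   # PrivateKeyInfo ::= SEQUENCE { version 0, AlgorithmIdentifier, ... }
            return "pkcs8-private-key"
        if version == b"\x00" and tag2 == 0x02:   # RSAPrivateKey ::= SEQUENCE { version 0, modulus INTEGER, ... }
            return "pkcs1-rsa-private-key"
    except IndexError:                    # truncated blob
        return "unknown"
    return "unknown"


def find_exposed_credentials(manifest: dict) -> list:
    """One finding per keyCredentials entry whose blob contains private-key material."""
    findings = []
    for cred in manifest.get("keyCredentials") or []:
        blob = cred.get("value") or cred.get("key")   # legacy manifest vs. Graph field name (assumed)
        if not blob:                      # Graph normally returns null here; nothing to inspect
            continue
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue
        kind = classify_key_blob(raw)
        if kind in PRIVATE_KINDS:
            findings.append({"appId": manifest.get("appId"), "displayName": manifest.get("displayName"),
                             "keyId": cred.get("keyId"), "kind": kind})
    return findings


def scan(manifests: list) -> list:
    return [f for m in manifests for f in find_exposed_credentials(m)]


def _tlv(tag: int, content: bytes) -> bytes:
    """Minimal DER TLV encoder, used only to build the constructed samples below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


# Constructed stand-ins with the right outer ASN.1 shape (no real key material).
FAKE_CERT = _tlv(0x30, _tlv(0x30, b"\x00" * 200) + _tlv(0x30, b"alg") + _tlv(0x03, b"\x00sig"))
FAKE_PFX = _tlv(0x30, _tlv(0x02, b"\x03")
                + _tlv(0x30, _tlv(0x06, OID_PKCS7_DATA) + _tlv(0xA0, _tlv(0x04, b"\x00" * 160))))
FAKE_PKCS8 = _tlv(0x30, _tlv(0x02, b"\x00")
                  + _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d010101")) + _tlv(0x05, b""))
                  + _tlv(0x04, b"\x00" * 40))

# Constructed manifests with hypothetical IDs: one healthy app, one Run As app leaking a PFX.
SAMPLE_MANIFESTS = [
    {"appId": "00000000-0000-0000-0000-000000000001", "displayName": "healthy-app",
     "keyCredentials": [{"keyId": "k1", "type": "AsymmetricX509Cert", "usage": "Verify",
                         "value": base64.b64encode(FAKE_CERT).decode()}]},
    {"appId": "00000000-0000-0000-0000-000000000002", "displayName": "automation-runas",
     "keyCredentials": [{"keyId": "k2", "type": "AsymmetricX509Cert", "usage": "Verify",
                         "value": base64.b64encode(FAKE_PFX).decode()},
                        {"keyId": "k3", "type": "AsymmetricX509Cert", "usage": "Verify", "key": None}]},
]

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_MANIFESTS), indent=2))
```

The shape check is deliberately shallow: it only needs to tell a PFX, PKCS#8 or PKCS#1 structure apart from a certificate, so it stops after the version integer and the next tag. In a real tenant the manifests would come from an export of every App Registration the caller can read, which is exactly the low bar the vulnerability required.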

Affected Services

AAD

Remediation

Regenerate the exposed certificate (renew the Automation Account 'Run as' certificate) so that the disclosed private key can no longer be used to authenticate as the Run As service principal.

Tracked CVEs

CVE-2021-42306

References

Disclosure Date
Thu, Oct 7th, 2021
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
5.96
(PI:1.5/A3:1.05/A4:1.05/A5:1.05/A6:6/A7:1.1/A8:1.1)
Discovered by
Karl Fosaaen, NetSPI