
TODO: Mitigate the information disclosure vulnerability caused by improperly configured Azure Migrate applications


Last week, Microsoft issued security guidance on a security issue within Azure Active Directory. In this guidance, Microsoft instructs Azure AD admins to rotate the password for Azure Migrate applications when these applications were created prior to November 2, 2021.

CVE-2021-42306 is a vulnerability in the way Azure AD stores the keyCredentials attribute for application and/or service principals for some Azure services.

The keyCredentials attribute stores public key data for use in authentication, but certificates containing private key data may also have been incorrectly stored in the attribute. Access to private key data can lead to an elevation of privilege attack by allowing a user to impersonate the impacted application and/or service principal.

Some Microsoft services incorrectly stored private key data in the keyCredentials attribute while creating applications. The Azure Migrate service creates Azure AD applications to enable Azure Migrate appliances to communicate with the service's endpoints.

Azure Migrate deployed an update to the service to prevent private key data in clear text from being uploaded to the keyCredentials attribute of Azure AD applications.

Azure AD has mitigated the information disclosure issue by preventing reading of clear text private key data that was previously added by any user or service via the UI or via APIs.

As a result, clear text private key material in the keyCredentials attribute is inaccessible, mitigating the risks associated with storage of this material in the attribute.

As a precautionary measure, Microsoft recommends using the assessment script in this GitHub repository. After assessing the impacted Azure AD applications, you are advised to execute the mitigation script on each Azure Migrate appliance in your organization's environment.

Typically, under the App registrations section in the Azure AD portal, the applications associated with Azure Migrate have one of the following suffixes:

  • resourceaccessaadapp
  • agentauthaadapp
  • authandaccessaadapp

Azure Migrate appliances that were registered after November 2, 2021 and have Appliance configuration manager version and above are not impacted and do not require further action.
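The triage that the assessment script performs can be approximated offline. The following Python is an added example, not Microsoft's script from the repository mentioned above: it inspects the base64 `key` value of each keyCredentials entry and flags blobs whose outer ASN.1 structure begins with a version INTEGER (as PKCS#12, PKCS#8 and PKCS#1 private-key structures do) or that carry a PEM private-key marker, rather than a certificate's tbsCertificate SEQUENCE. The sample application object and DER blobs are constructed; the check is a triage heuristic, and flagged entries should be confirmed with a proper certificate parser before rotating.

```python
import base64

PRIVATE_PEM_MARKER = b"PRIVATE KEY-----"   # covers PKCS#1, PKCS#8 and EC PEM headers

def _der_first_inner_tag(blob: bytes):
    """Tag byte of the first element inside an outer DER SEQUENCE, or None."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None
    length, pos = blob[1], 2
    if length & 0x80:                 # long-form length: skip the length octets
        pos += length & 0x7F
    return blob[pos] if pos < len(blob) else None

def looks_like_private_key_material(key_b64: str) -> bool:
    """Heuristic: does a keyCredentials 'key' value carry private key data?

    An X.509 certificate is a SEQUENCE whose first inner element is the
    tbsCertificate SEQUENCE (0x30). PKCS#12/PFX, PKCS#8 and PKCS#1 private-key
    structures all start with a version INTEGER (0x02); PEM private keys carry
    a text marker. Hits are candidates for verification, not proof.
    """
    try:
        blob = base64.b64decode(key_b64, validate=True)
    except (ValueError, TypeError):
        return False
    if PRIVATE_PEM_MARKER in blob:
        return True
    return _der_first_inner_tag(blob) == 0x02

def assess_app(app: dict) -> list:
    """Return keyIds of keyCredentials entries that need rotation review."""
    return [kc["keyId"] for kc in app.get("keyCredentials", [])
            if looks_like_private_key_material(kc.get("key") or "")]

def _der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder for the constructed blobs (bodies < 128 bytes)."""
    return bytes([tag, len(body)]) + body

# Constructed sample blobs (not real keys): only the outer ASN.1 shape matters.
CERT_LIKE = _der(0x30, _der(0x30, _der(0x02, b"\x02")) + _der(0x30, b"") + _der(0x03, b"\x00"))
PFX_LIKE = _der(0x30, _der(0x02, b"\x03") + _der(0x30, b""))
PEM_LIKE = b"-----BEGIN PRIVATE KEY-----\nMIIE...\n-----END PRIVATE KEY-----\n"

SAMPLE_APP = {   # constructed: mirrors the shape of a Graph application object
    "displayName": "contoso-resourceaccessaadapp",
    "keyCredentials": [
        {"keyId": "cred-public", "type": "AsymmetricX509Cert", "usage": "Verify",
         "key": base64.b64encode(CERT_LIKE).decode()},
        {"keyId": "cred-pfx", "type": "AsymmetricX509Cert", "usage": "Verify",
         "key": base64.b64encode(PFX_LIKE).decode()},
        {"keyId": "cred-pem", "type": "AsymmetricX509Cert", "usage": "Verify",
         "key": base64.b64encode(PEM_LIKE).decode()},
    ],
}

if __name__ == "__main__":
    print(assess_app(SAMPLE_APP))   # ['cred-pfx', 'cred-pem']
```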
