Lucene search
Microsoft Security Response CenterMSRC:A7D33379110FE766144C19D13177F151HistoryNov 17, 2021 - 8:00 a.m.
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs
2021-11-1708:00:00
Microsoft Security Response Center
link
7
0.003 Low
EPSS
Percentile
68.7%
Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentialsproperty of an Azure Active Directory (Azure AD) Applicationand/or Service Principal, and prevent reading of private key data previously stored in the keyCredentials property. The keyCredentials property is used to configure an applicationβs authentication credentials.
Related
cvelist
cvelist
CVE-2021-42306 Azure Active Directory Information Disclosure Vulnerability
2021-11-24 01:05:13
nvd
nvd
CVE-2021-42306
2021-11-24 01:15:08
kaspersky
kaspersky
KLA12348 OSI vulnerability in Microsoft Azure
2021-11-17 00:00:00
prion
prion
Information disclosure
2021-11-24 01:15:00
msrc
msrc
rapid7blog
rapid7blog
[Security Nation] Chris Levendis and Lisa Olson on Cloud CVEs
2022-09-14 19:00:00
cve
cve
CVE-2021-42306
2021-11-24 01:15:08
mscve
mscve
Azure Active Directory Information Disclosure Vulnerability
2021-11-17 08:00:00
cnvd
cnvd
Microsoft Azure Information Disclosure Vulnerability (CNVD-2021-100792)
2021-11-22 00:00:00