5 matches found
CVE-2021-42306
CVE-2021-42306 describes an information-disclosure vulnerability in Azure AD where private key data uploaded as part of a certificate in the keyCredential of an Application or Service Principal could be read by an entity with application read access in the tenant. The root cause is the handling o...
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs
Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentials property of an Azure Active Directory Azure AD Application and/or Service Principal, and prevent reading of private key data...
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs
Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentialsproperty of an Azure Active Directory Azure AD Applicationand/or Service Principal, and prevent reading of private key data...
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs
Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentialsproperty of an Azure Active Directory Azure AD Applicationand/or Service Principal, and prevent reading of private key data...
CVE-2021-42306
creationtimestamp| type| source ---|---|--- 2021-11-17 07:00:00+00:00| seen| https://msrc.microsoft.com/blog/2021/11/guidance-for-azure-active-directory-ad-keycredential-property-information-disclosure-in-application-and-service-principal-apis/ 2021-11-18 13:13:22+00:00| published-proof-of-concep...