Azure AD credentials exposed by unsecured JSON config file
GBHackers News reports that threat actors could use Azure Active Directory credentials leaked through a misconfigured ASP.NET Core appsettings.json file to compromise organizations' cloud environments. According to a report from Resecurity's HUNTER Team, exposed Azure AD ClientId and ClientSecret values could be used in OAuth 2.0 token requests to obtain a Bearer token for the Microsoft Graph APIs, enabling sensitive data exfiltration from OneDrive, SharePoint, and Exchange Online; enumeration of Azure AD users, groups, and directory roles; Graph API abuse for persistence or elevated privileges; and illicit app deployment. Further analysis traced the issue to unsecured servers, inadequately restricted internal configuration files, insufficient code reviews or security evaluations, and excessive dependence on secrets. The issue should prompt organizations not only to implement robust file-access controls and secret management policies, but also to perform routine penetration testing and automated credential scanning.
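One form the automated credential scanning mentioned above can take is a pre-deployment check that fails when appsettings.json carries a literal ClientSecret. The sketch below is an added example, not code from Resecurity's report; the "AzureAd" section layout, the extra key names, the placeholder patterns and the sample file are assumptions constructed for illustration.

```python
import json
import re

# "ClientSecret" comes from the article; the other key names are assumed extras.
SECRET_KEY = re.compile(r"(clientsecret|password|apikey)$", re.IGNORECASE)
# Empty strings and obvious template tokens are not live secrets.
PLACEHOLDER = re.compile(r"^(<.*>|\$\{.*\}|#\{.*\}#|changeme)?$", re.IGNORECASE)
# ASP.NET Core's JSON provider accepts comments; drop whole-line ones only,
# so "https://..." values are left intact.
LINE_COMMENT = re.compile(r"^\s*//.*$", re.MULTILINE)

def find_secrets(node, path=""):
    """Yield findings for literal secret values; the value itself is never returned."""
    if isinstance(node, dict):
        has_client_id = any(k.lower() == "clientid" and v for k, v in node.items())
        for key, value in node.items():
            here = f"{path}:{key}" if path else key  # ASP.NET Core key syntax
            if isinstance(value, str) and SECRET_KEY.search(key):
                if not PLACEHOLDER.match(value.strip()):
                    # ClientId + ClientSecret together are enough to request a token
                    pair = has_client_id and key.lower() == "clientsecret"
                    yield {"key": here, "length": len(value), "severity": "high" if pair else "medium"}
            else:
                yield from find_secrets(value, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_secrets(item, f"{path}:{index}")

def scan_appsettings(text):
    return list(find_secrets(json.loads(LINE_COMMENT.sub("", text))))

# Constructed sample; every identifier and secret below is fake.
SAMPLE = """
{
  // identity settings
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "ClientId": "11111111-1111-1111-1111-111111111111",
    "ClientSecret": "constructed-example-secret-value"
  },
  "Smtp": { "Password": "${SMTP_PASSWORD}" }
}
"""

if __name__ == "__main__":
    for finding in scan_appsettings(SAMPLE):
        print(finding)
```

Findings report only the configuration key and the value's length, so the scanner's own output does not become a second copy of the secret in build logs.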
