NA

CVE-2021-42306

Published: 24/11/2021 Updated: 24/11/2021

Vulnerability Summary

Azure Active Directory Information Disclosure Vulnerability. An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential  on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Recent Articles

Infosec bods: After more than a year, Sky gets round to squashing hijacking bug in 6m home broadband routers
The Register • Iain Thomson in San Francisco • 23 Nov 2021

Get our weekly newsletter Plus: DNS cache poisoning again, cops probe property conveyancing group's IT outage, Azure hole addressed, and more

In brief Sky has fixed a flaw in six million of its home broadband routers, and it only took the British broadcaster'n'telecoms giant a year to do so, infosec researchers have said.
We're told that the vulnerability could be exploited by tricking a subscriber into viewing a malicious webpage. If an attack was successful, their router would fall under the attacker's control, allowing the crook to open up ports to access other devices on the local network, change the LAN's default DNS settin...