https://community.isc2.org/t5/Cloud-Security/Azure-Key-Vault-Vulnerabilities-Could-Leak-Sensitive-Data-After/m-p/76679#M458 <P>Dear all,</P><P>&nbsp;</P><P>A detailed walkthrough demonstrates how attackers can manipulate Azure Key Vault’s access policies after compromising Entra ID (formerly Azure AD) credentials.<BR /><BR /></P><P>According to Faran Siddiqui, a penetration tester report, a “Key Vault 06 – Abuse Decryption Key,” shed light on this critical vulnerability and the technique involving AzureAD CLI and Microsoft Graph API.</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://cybersecuritynews.com/azure-key-vault-vulnerabilities-could-leak-sensitive-data-after-entra-id-breach/" target="_blank">https://cybersecuritynews.com/azure-key-vault-vulnerabilities-could-leak-sensitive-data-after-entra-id-breach/</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 29 Jan 2025 14:52:18 GMT Kyaw_Myo_Oo 2025-01-29T14:52:18Z https://community.isc2.org/t5/Cloud-Security/Azure-Key-Vault-Vulnerabilities-Could-Leak-Sensitive-Data-After/m-p/76679#M458 <P>Dear all,</P><P>&nbsp;</P><P>A detailed walkthrough demonstrates how attackers can manipulate Azure Key Vault’s access policies after compromising Entra ID (formerly Azure AD) credentials.<BR /><BR /></P><P>According to Faran Siddiqui, a penetration tester report, a “Key Vault 06 – Abuse Decryption Key,” shed light on this critical vulnerability and the technique involving AzureAD CLI and Microsoft Graph API.</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://cybersecuritynews.com/azure-key-vault-vulnerabilities-could-leak-sensitive-data-after-entra-id-breach/" target="_blank">https://cybersecuritynews.com/azure-key-vault-vulnerabilities-could-leak-sensitive-data-after-entra-id-breach/</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 29 Jan 2025 14:52:18 GMT https://community.isc2.org/t5/Cloud-Security/Azure-Key-Vault-Vulnerabilities-Could-Leak-Sensitive-Data-After/m-p/76679#M458 Kyaw_Myo_Oo 2025-01-29T14:52:18Z