Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs

We use cookies to improve your experience. By continuing to use our site, you accept our use of cookies, revised Privacy Policy and Terms of Use.

Posted on Wednesday November 17, 2021

Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentials property of an Azure Active Directory (Azure AD) Application and/or Service Principal, and prevent reading of private key data previously stored in the keyCredentials property.The keyCredentials property is used to configure an…

Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs Read More »

Celebrating 35+ Years