
Critical Flaw in Azure AD Lets Attackers Steal Credentials
A recent cybersecurity assessment by Resecurity’s HUNTER Team uncovered a high-severity leak: Azure Active Directory (Azure AD) application credentials, specifically the ClientId and ClientSecret, were exposed in a publicly accessible appsettings.json file. This critical misconfiguration effectively hands attackers the digital keys to the cloud environment, enabling unauthorized token requests against Microsoft’s OAuth 2.0 endpoints and giving adversaries a direct path…
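
A pre-deployment check for the misconfiguration described above, as an added example that is not taken from Resecurity's report: it walks an appsettings.json document and reports every object holding a literal ClientSecret, noting whether a ClientId sits beside it. The `AzureAd` and `Downstream` section names, the sample values and the placeholder patterns are assumptions constructed for illustration.

```python
import json
import re

# Key names come from the article; .NET configuration keys are case-insensitive.
SECRET_KEY, ID_KEY = "clientsecret", "clientid"
# Assumption: empty strings and <...>, ${...}, #{...}# tokens are placeholders.
PLACEHOLDER = re.compile(r"^\s*$|^<.*>$|^\$\{.*\}$|^#\{.*\}#?$")

# Constructed sample file: section names and all values are made up.
SAMPLE = """{
  "Logging": {"LogLevel": {"Default": "Information"}},
  "AzureAd": {
    "TenantId": "00000000-0000-0000-0000-000000000000",
    "ClientId": "11111111-1111-1111-1111-111111111111",
    "ClientSecret": "constructed-example-secret-value"
  },
  "Downstream": {"ClientId": "22222222-2222-2222-2222-222222222222",
                 "ClientSecret": "#{DownstreamSecret}#"}
}"""


def find_embedded_credentials(text):
    """Return (config_path, has_client_id) for each literal ClientSecret found."""
    findings = []

    def walk(node, path):
        children = ()
        if isinstance(node, dict):
            keys = {k.lower(): k for k in node}
            secret = node.get(keys.get(SECRET_KEY))
            if isinstance(secret, str) and not PLACEHOLDER.match(secret):
                # A ClientId in the same object makes this a complete credential.
                has_id = bool(node.get(keys.get(ID_KEY)))
                findings.append((path + [keys[SECRET_KEY]], has_id))
            children = node.items()
        elif isinstance(node, list):
            children = enumerate(node)
        for key, child in children:
            walk(child, path + [str(key)])

    walk(json.loads(text), [])
    # Join with ":" to match .NET's configuration path notation.
    return [(":".join(path), has_id) for path, has_id in findings]


if __name__ == "__main__":
    for path, has_id in find_embedded_credentials(SAMPLE):
        print(f"literal secret at {path} (ClientId alongside: {has_id})")
```

A finding means the file carries a usable secret and must not be published or committed; the value belongs in a secret store, and any secret that was already exposed should be rotated.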