
binarysecurity.no/posts/2024/09/apim-privilege-escalation
Preview meta tags from the binarysecurity.no website.
Linked Hostnames (5)
- 12 links to binarysecurity.no
- 6 links to learn.microsoft.com
- 1 link to linkedin.com
- 1 link to twitter.com
- 1 link to unsplash.com
Search Engine Appearance
Escalating from Reader to Contributor in Azure API Management
This blog post shows how a user with Reader-level access to an Azure API Management resource actually had the equivalent of Contributor-level access, allowing the user to read, modify and even delete configurations of the resource via the Direct Management API. This was possible because a regular user with read access to the Azure APIM resource was allowed to read the keys of any APIM user via the Azure Resource Manager Rest API. The keys can be used to generate SharedAccessSignatures to authenticate to the Direct Management API, giving access to perform any management operation on the API Management resource.
General Meta Tags (10)
- title: Escalating from Reader to Contributor in Azure API Management
- title: Escalating from Reader to Contributor in Azure API Management | Binary Security AS
- charset: utf-8
- viewport: width=device-width, initial-scale=1, user-scalable=no
- theme-color: #ffffff
Open Graph Meta Tags (6)
- og:title: Escalating from Reader to Contributor in Azure API Management
- og:locale: en_US
- og:description: This blog post shows how a user with Reader-level access to an Azure API Management resource actually had the equivalent of Contributor-level access, allowing the user to read, modify and even delete configurations of the resource via the Direct Management API. This was possible because a regular user with read access to the Azure APIM resource was allowed to read the keys of any APIM user via the Azure Resource Manager Rest API. The keys can be used to generate SharedAccessSignatures to authenticate to the Direct Management API, giving access to perform any management operation on the API Management resource.
- og:url: https://www.binarysecurity.no/posts/2024/09/apim-privilege-escalation
- og:site_name: Binary Security AS
Twitter Meta Tags (3)
- twitter:card: summary
- twitter:site: @binarysecnorway
- twitter:creator: @Christian Håland
Link Tags (6)
- alternate: https://www.binarysecurity.no/feed.xml
- apple-touch-icon: /assets/images/apple-touch-icon.png
- canonical: https://www.binarysecurity.no/posts/2024/09/apim-privilege-escalation
- icon: /assets/images/favicon-32x32.png
- icon: /assets/images/favicon-16x16.png
Emails (1)
Links (21)
- https://binarysecurity.no
- https://binarysecurity.no/about
- https://binarysecurity.no/application_security
- https://binarysecurity.no/careers
- https://binarysecurity.no/penetration_testing