This article has been indexed from Microsoft Security Response Center
Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentials property of an Azure Active Directory (Azure AD) Application and/or Service Principal, and prevent reading of private key data previously stored in the keyCredentials property.The keyCredentials property is used to configure an …
Read the original article: Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs