services / Azure / APIM portal settings
Developer portal settings for an Azure API Management service, controlling sign-in, sign-up, and delegation behavior of the portal.
These settings shape portal authentication and user-onboarding flows; the delegation validation key is a signing secret.
Microsoft.ApiManagement/service/portalSettings/listSecrets/action
Returns the portal delegation validation key (a signing secret), enabling an attacker to forge trusted delegated sign-in/sign-up requests.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog