services / Azure / Webtest token
An authentication token associated with an Application Insights webtest, used to author and authenticate webtest/synthetic-monitor operations.
Returning the token discloses reusable credential material.
Microsoft.Insights/Webtests/GetToken/Read
This read returns webtest token credential material rather than mere configuration, so in isolation it exfiltrates reusable secret material.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog