services / Azure / VPN link connection shared key
The IPsec pre-shared key (shared secret) authenticating a site-to-site VPN link connection on an Azure VPN Gateway, securing the tunnel to a connected on-premises or partner network.
Credential material that authenticates a tunnel bridging into internal/peer networks.
Microsoft.Network/vpnGateways/vpnConnections/vpnLinkConnections/sharedKeys/read
This get operation returns the IPsec pre-shared key, exporting credential material that an attacker can use to establish or impersonate the site-to-site tunnel and reach the connected network.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog