services / Azure / VPN server configuration

A VpnServerConfiguration defines the authentication settings (certificate, RADIUS, and Azure AD) and connection parameters for Point-to-Site (P2S) VPN access into Azure virtual networks via VPN/virtual WAN gateways.

Governs remote-access authentication into the network; the RADIUS shared secrets it references are credential material exposed only through the dedicated listAllRadiusServersSecrets action.


Microsoft.Network/vpnServerConfigurations/listAllRadiusServersSecrets/action

Returns the RADIUS server shared secrets used for VPN authentication, exporting reusable credential material that enables impersonation of the RADIUS trust channel.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.

Links

  • https://azure.permissions.cloud/iam/microsoft.network
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog