services / Azure / Recovery Services vault token
The vault token is credential material returned by the Recovery Services vault that is used to authenticate vault-level backend backup and recovery operations.
Returns reusable credential/secret material granting authenticated access to the vault backend.
Microsoft.RecoveryServices/Vaults/vaultTokens/read
This read returns a vault token (credential material) that an attacker can reuse to authenticate to and act against the vault backend.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog