services / Azure / Web App connection string
Connection strings of an Azure App Service web app that embed credentials for backing databases and storage services.
Connection strings by definition contain database/storage credentials (passwords, account keys, SAS tokens) returned in cleartext; credential material.
Microsoft.Web/Sites/config/web/connectionstrings/delete
Deleting a connection string severs the app's link to its backing data store, breaking data access and disrupting the service.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog