services / Azure / Web App connection string
Connection strings of an Azure App Service web app that embed credentials for backing databases and storage services.
Connection strings by definition contain database or storage credentials (passwords, account keys, SAS tokens), which are returned in cleartext; they are credential material.
Microsoft.Web/Sites/config/web/connectionstrings/read
Reading a connection string returns the embedded backing-store credentials in cleartext, which can be exported and used for direct authenticated access to the data store.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog