services / Azure / Logic Apps API connection
A managed API connection (Logic Apps / connector instance) that stores the configuration and authentication binding linking workflows to a backend service.
Connections embed reusable backend credentials/OAuth tokens; secret material is exposed only via dedicated listsecrets/listconnectionkeys actions, while the resource itself supports a single integration function.
Microsoft.Web/apimanagementaccounts/apis/connections/listSecrets/action
Returns the connection's stored secrets (backend passwords, OAuth tokens, connection strings), exporting reusable credentials that grant direct authenticated access to the connected system.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security