You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
secret rotation
About this tag
Secret rotation is a critical security practice for protecting cloud and enterprise applications, particularly in Microsoft Azure and Entra ID environments. Discussions on WindowsForum highlight how exposed credentials in configuration files like appsettings.json can lead to OAuth token abuse and unauthorized access to Microsoft Graph and Azure resources. Real-world incidents, such as the Commvault Metallic SaaS breach and Azure Stack Hub vulnerabilities, underscore the risks of static secrets and the need for automated secret rotation. Recurring themes include using managed identities, Azure Key Vault, and least-privilege policies to mitigate credential leaks. The tag covers practical guidance on preventing secret exposure, rotating application secrets, and securing authentication flows against attacks that exploit hardcoded or stale credentials.
A publicly exposed appsettings.json containing Azure Active Directory (Entra ID) application credentials has opened a direct, programmatic path into affected tenants — a single misconfigured JSON file acting as a master key for cloud estates and enabling attackers to exchange leaked...
A publicly exposed appsettings.json file that contained Azure Active Directory application credentials has created a direct, programmatic attack path into affected tenants — a misconfiguration that can let attackers exchange leaked ClientId/ClientSecret pairs for OAuth 2.0 access tokens and then...
Title: Urgent: CVE-2025-53793 — Azure Stack Hub “Improper Authentication” Information Disclosure (what admins need to know and do)
Lede
Microsoft has published an advisory for CVE-2025-53793 describing an “improper authentication” vulnerability in Azure Stack Hub that can allow an...
The announcement of cyber threat activity targeting Commvault’s flagship SaaS cloud application, Metallic, marks a pivotal moment for cloud security and Managed Service Providers (MSPs), especially those tasked with safeguarding Microsoft 365 (M365) environments. As the wave of sophisticated...