Forum Discussion
Investigating Storm-0558 security issue?
Gohulan: "To do this, unpack the access tokens used against the application and search for the string" > Can you give me more details on what I should do, like an Azure CLI command or something?
The more I read about it, the more I get the hunch that remediation steps can only be carried out on the app developer's side. We are customers using these, for the most part, enterprise applications/app registrations. Don't know if we can do anything here at all. What do you think?
- Gohulan, Jul 25, 2023, Brass Contributor:
As customers using enterprise applications or app registrations, your control over the app's internal security mechanisms might be limited. In such cases, the responsibility for implementing remediation measures generally falls on the app developer or the service provider offering the application.
- MarkusLosco, Jul 25, 2023, MCT:
Here is a short overview (Azure CLI):
1.) Create the list of multi-tenant / personal-account apps:
az ad app list --filter "(signinaudience eq 'AzureADMultipleOrgs' or signinaudience eq 'AzureADandPersonalMicrosoftAccount' or signinaudience eq 'PersonalMicrosoftAccount')" --query "[?id].{AppName:displayName, AppID:appId, ObjID:id, HomePageURL:web.homePageUrl}"
2.) Create the web apps list (same filter, restricted to apps whose home page is on azurewebsites.net):
az ad app list --filter "(signinaudience eq 'AzureADMultipleOrgs' or signinaudience eq 'AzureADandPersonalMicrosoftAccount' or signinaudience eq 'PersonalMicrosoftAccount')" --query "[?web && web.homePageUrl && contains(web.homePageUrl, 'azurewebsites.net')].{AppName:displayName, AppID:appId, ObjID:id, HomePageURL:web.homePageUrl}"
3.) Add a client secret to the app (--append keeps the existing credentials):
az ad app credential reset --id <appid> --append
4.) Sign in as the app's service principal:
az login --service-principal -u <appid> -p <clientsecret> --tenant <tenantid>
5.) Sometimes an Application ID URI needs to be created first:
Azure Active Directory → App registrations → {your app} → Expose an API → Add "Application ID URI"
6.) Request an access token for the app:
az account get-access-token --resource api://<Application ID URI>
7.) Finally, go to this site and copy & paste your token: https://jwt.io/
8.) Check your kid field.
Sometimes the CLI needs some time 😉
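Steps 7 and 8 above (paste the token into jwt.io and read the kid field) can also be done offline, which matters when you are sweeping many tokens rather than one. The script below is an added example, not MarkusLosco's code: it decodes only the JOSE header of each token (no signature verification) and flags any whose kid is in a set you supply. The kid value and the tokens are constructed placeholders; substitute the kid named in Microsoft's advisory.

```python
import base64
import json
from typing import Optional


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment; JWT segments omit '=' padding, so restore it."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_header(token: str) -> dict:
    """Return the decoded JOSE header of a compact JWT (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with 3 dot-separated segments")
    return json.loads(b64url_decode(parts[0]))


def kid_of(token: str) -> Optional[str]:
    """The signing-key id (kid) from the token header, or None if absent."""
    return jwt_header(token).get("kid")


def flag_suspect_tokens(tokens, suspect_kids):
    """For each token, record its kid and whether it is in the suspect set."""
    results = []
    for tok in tokens:
        try:
            kid = kid_of(tok)
        except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
            kid = None      # malformed token: record it rather than abort the sweep
        results.append({"kid": kid, "suspect": kid in suspect_kids})
    return results


def make_sample_token(header: dict, payload: dict) -> str:
    """Build a constructed, UNSIGNED token so this script runs offline."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.placeholder-signature"


# Constructed placeholder: replace with the kid value from Microsoft's advisory.
SUSPECT_KIDS = {"SUSPECT-KID-PLACEHOLDER"}

SAMPLE_TOKENS = [  # constructed examples, not real tokens
    make_sample_token({"alg": "RS256", "typ": "JWT", "kid": "normal-key-1"}, {"aud": "api://example"}),
    make_sample_token({"alg": "RS256", "typ": "JWT", "kid": "SUSPECT-KID-PLACEHOLDER"}, {"aud": "api://example"}),
]

if __name__ == "__main__":
    for result in flag_suspect_tokens(SAMPLE_TOKENS, SUSPECT_KIDS):
        print(result)
```

Feed it the tokens captured from your app's logs or from step 6 in place of SAMPLE_TOKENS; a kid that matches is the signal the advisory tells you to search for.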