Forum Discussion
colonel_claypoo
Jul 24, 2023, Iron Contributor
Investigating Storm-0558 security issue?
For those that've heard, any idea how we can investigate tokens? https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr article advises to: Exam...
Gohulan
Jul 24, 2023, Brass Contributor
As customers using enterprise applications or app registrations, your control over the app's internal security mechanisms might be limited. In such cases, the responsibility for implementing remediation measures generally falls on the app developer or the service provider offering the application.
MarkusLosco
Jul 25, 2023, MCT
Here is a short overview (Azure CLI):
1.) Create the list:
az ad app list --filter "(signinaudience eq 'AzureADMultipleOrgs' or signinaudience eq 'AzureADandPersonalMicrosoftAccount' or signinaudience eq 'PersonalMicrosoftAccount')" --query "[?id].{AppName:displayName, AppID:appId, ObjID:id, HomePageURL:web.homePageUrl}"
2.) Create the web apps list:
az ad app list --filter "(signinaudience eq 'AzureADMultipleOrgs' or signinaudience eq 'AzureADandPersonalMicrosoftAccount' or signinaudience eq 'PersonalMicrosoftAccount')" --query "[?web && web.homePageUrl && contains(web.homePageUrl, 'azurewebsites.net')].{AppName:displayName, AppID:appId, ObjID:id, HomePageURL:web.homePageUrl}"
3.) az ad app credential reset --id <appid> --append
4.) az login --service-principal -u <appid> -p <clientsecret> --tenant <tenantid>
5.) Sometimes an Application ID URI needs to be created:
Azure Active Directory → App registrations → {your app} → Expose an API → Add "Application ID URI"
6.) az account get-access-token --resource api://<Application ID URI>
7.) Lastly, go to this site and copy and paste your token: https://jwt.io/
8.) Check your kid field.
Sometimes the CLI needs some time 😉
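Step 7 of the post above pastes a live access token into a third-party web page. As an added example that is not part of MarkusLosco's post, the POSIX shell snippet below performs step 8 locally instead: it splits the JWT on the dots, base64url-decodes the header segment and pulls out the kid and alg values, so the token never leaves the machine. The sample token is constructed inline (placeholder tenant id, fake signature) so the script runs offline; the commented line shows how to feed it the real token returned by az account get-access-token. The function names and the sample kid are this example's own, not anything from the original thread.

```shell
#!/bin/sh
# Added example for this thread, not code from the original post.
# Decodes a JWT header locally and extracts "kid" and "alg".
# Assumes POSIX sh plus a coreutils-style base64 (base64 -d).

# base64url -> standard base64 (restore +/ and '=' padding), then decode.
b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="${s}==" ;;
    3) s="${s}=" ;;
  esac
  printf '%s' "$s" | base64 -d 2>/dev/null
}

# Inverse of the above; only used here to build the constructed sample token.
b64url_encode() {
  printf '%s' "$1" | base64 | tr -d '=\n' | tr '+/' '-_'
}

# jwt_header TOKEN -> the decoded JSON header (everything before the first dot).
jwt_header() {
  b64url_decode "${1%%.*}"
}

# jwt_kid TOKEN -> value of the "kid" header field, empty if absent.
jwt_kid() {
  jwt_header "$1" | sed -n 's/.*"kid"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# jwt_alg TOKEN -> value of the "alg" header field, empty if absent.
jwt_alg() {
  jwt_header "$1" | sed -n 's/.*"alg"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Constructed sample token: realistic-looking header and payload, fake signature.
# The kid value and tenant id are placeholders, not real identifiers.
make_sample_token() {
  h=$(b64url_encode '{"typ":"JWT","alg":"RS256","kid":"example-kid-1"}')
  p=$(b64url_encode '{"aud":"api://example","iss":"https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"}')
  printf '%s.%s.%s' "$h" "$p" "notarealsignature"
}

# To inspect the token from step 6 instead of the sample, run (kept commented so
# this file stays offline):
# TOKEN=$(az account get-access-token --resource api://<Application ID URI> --query accessToken -o tsv)
TOKEN=$(make_sample_token)
printf 'alg: %s\nkid: %s\n' "$(jwt_alg "$TOKEN")" "$(jwt_kid "$TOKEN")"
```

Compare the printed kid with the key identifier named in the advisory or blog post linked at the top of the thread; the token itself never needs to be pasted anywhere.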