Wild, feels just like those 90s zero-day drops when everything was ‘disclosed by necessity.’ And of course Microsoft still pulls the classic ‘by design’ line instead of paying out. Some things never change.
A security vulnerability in Azure API Management (APIM) Developer Portal allows attackers to register accounts on any APIM instance that has Basic Authentication enabled, even when administrators have disabled user signup in the portal UI.
This bypass enables cross-tenant account creation, potentially allowing unauthorized access to API documentation, subscription keys, and other resources exposed through the Developer Portal.
Wild, feels just like those 90s zero-day drops when everything was ‘disclosed by necessity.’ And of course Microsoft still pulls the classic ‘by design’ line instead of paying out. Some things never change.
A security vulnerability in Azure API Management (APIM) Developer Portal allows attackers to register accounts on any APIM instance that has Basic Authentication enabled, even when administrators have disabled user signup in the portal UI.
This bypass enables cross-tenant account creation, potentially allowing unauthorized access to API documentation, subscription keys, and other resources exposed through the Developer Portal.