Azure’s Weakest Link? How API Connections Spill Secrets


Azure API Connections serve as the backbone for integrating Logic Apps, Power Apps, and Power Automate with external systems. However, these connections can be exploited to gain near-unrestricted access to the connected APIs, with minimal privileges and even cross-tenant.

This talk will demonstrate the lacking state of Azure security and how a huge hidden infrastructure can be understood and exploited. By taking you through the many layers of ARM (Azure Resource Management), APIM (API Management), Custom Connectors, consent servers and token stores, I will show how I managed to execute a cross-tenant Key Vault secrets leak. On the way there, a myriad of exploitable resources will be found, letting us inject into databases, publish issues on your Jira, exfiltrate your Salesforce data and even send some mail.

From an interesting JSON reply, to being able to read Key Vaults as a low-privileged user, to cross-tenant capabilities was a long journey, and I will take you through how it was achieved.

By:
Haakon Gulbrandsrud | Security Consultant, Binary Security

Presentation Materials Available at:
https://blackhat.com/us-25/briefings/schedule/?#azures-weakest-link-how-api-connections-spill-secrets-44944