AZT603.1 - Service Principal Secret Reveal: Function App Settings
If a Function App is using a service principal for authentication, an adversary may manipulate the function app logic to reveal the service principal's secret in plain text.
Resource
Function App
Actions
- Microsoft.Web/sites/functions/read
- Microsoft.Web/sites/read
- Microsoft.Web/sites/config/list/action
Examples
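An added defensive example, not part of the original page or its project: a Python audit that reports which role definitions grant all three actions listed above, honoring RBAC wildcards, `notActions`, and case-insensitive matching. The role names and sample data are constructed, and the input shape (`roleName`, `permissions[].actions` / `notActions`) is assumed to match exported Azure role-definition JSON.

```python
import fnmatch

# The three actions this page lists for AZT603.1.
AZT603_1_ACTIONS = [
    "Microsoft.Web/sites/functions/read",
    "Microsoft.Web/sites/read",
    "Microsoft.Web/sites/config/list/action",
]

def _matches(patterns, action):
    """Azure RBAC action strings are case-insensitive and may contain '*'."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def granted_actions(role):
    """Return the AZT603.1 actions a role definition effectively grants."""
    granted = set()
    for perm in role.get("permissions", []):
        allow = perm.get("actions", [])
        exclude = perm.get("notActions", [])  # subtracted from 'actions'
        for action in AZT603_1_ACTIONS:
            if _matches(allow, action) and not _matches(exclude, action):
                granted.add(action)
    return sorted(granted)

def roles_enabling_technique(roles):
    """Names of roles that grant every action the page lists."""
    return [r["roleName"] for r in roles
            if granted_actions(r) == sorted(AZT603_1_ACTIONS)]

# Constructed sample role definitions (hypothetical names, not real roles).
SAMPLE_ROLES = [
    {"roleName": "Constructed Web Reader", "permissions": [
        {"actions": ["Microsoft.Web/sites/read",
                     "Microsoft.Web/sites/functions/read"], "notActions": []}]},
    {"roleName": "Constructed Web Operator", "permissions": [
        {"actions": ["microsoft.web/sites/*"], "notActions": []}]},
    {"roleName": "Constructed Web Operator No Settings", "permissions": [
        {"actions": ["Microsoft.Web/sites/*"],
         "notActions": ["Microsoft.Web/sites/config/list/action"]}]},
    {"roleName": "Constructed Read Only", "permissions": [
        {"actions": ["*/read"], "notActions": []}]},
]

if __name__ == "__main__":
    for role in SAMPLE_ROLES:
        print(role["roleName"], "->", granted_actions(role))
    print("Grants all listed actions:", roles_enabling_technique(SAMPLE_ROLES))
```

Roles that grant only the two `read` actions cannot list the app settings; the `config/list/action` permission is the one to restrict or review.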
Additional Resources
https://docs.microsoft.com/en-us/azure/automation/automation-runbook-execution