AZT405 - Azure AD Application#
Adversaries may abuse the assigned permissions on an Azure AD Application to escalate their privileges.
ID | Name | Description | Action | Resources |
---|---|---|---|---|
AZT405.1 | Application Role | By compromising a user, user in a group, or service principal that has an application role over an application, they may be able to escalate their privileges by impersonating the associated service principal and leveraging any privileged assigned application role. | AzureAD | |
AZT405.2 | Application API Permissions | By compromising a service principal whose application has privileged API permissions, an attacker can escalate their privileges to a higher privileged role. | AzureAD | |
AZT405.3 | Application Registration Owner | By compromising an account who is an 'Owner' over an application that is configured with additional roles or API permissions, an attacker can escalate their privileges by adding a certificate or credentials & logging in as the service principal. | AzureAD |