Lateral movement

Azure Automation account variables expose secrets

Platform(s)
  • Azure Automation

Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • CCPA
  • CPRA
  • Data Security Posture Management (DSPM) Best Practices
  • ISO 27701
  • iso_27001_2022
  • iso_27002_2022
  • Mitre ATT&CK
  • NIST 800-171
  • NIST 800-53
  • PDPA
  • UK Cyber Essentials

Description

An Automation account lets you automate your Azure management tasks and orchestrate actions across external systems from right within Azure. The automation logic is coded in runbooks. Variables can store database URLs, user names and other configuration, so a runbook's behaviour can be changed through its variables without changing the runbook code. Storing secrets such as passwords or keys in variables is not safe, since an attacker who gains read access to the Automation account can retrieve those variables and use the credentials for lateral movement. The Automation account {AzureAutomationAccount} was found to have the following exposed secrets: {AzureAutomationAccount.SecretEnvVars}
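The check below is an added example (not part of this finding or of any vendor tooling) that scans an Automation account's variable list for plaintext values that look like credentials. Azure never returns the value of an encrypted variable through the management API, so only unencrypted variables are examined; the sample variables are constructed, and the live-fetch helper assumes the azure-mgmt-automation `AutomationClient.variable.list_by_automation_account` call and the `is_encrypted` field.

```python
import math
import re
from dataclasses import dataclass
from typing import Optional
# Heuristics: names that usually hold credentials, and key=value fragments typical of Azure
# connection strings and SAS tokens. Tune both patterns for your own naming conventions.
SECRET_NAME_RE = re.compile(r"passw(or)?d|pwd|secret|token|api[_-]?key|accountkey|connection[_-]?string", re.I)
SECRET_VALUE_RE = re.compile(r"(password|pwd|accountkey|sharedaccesskey|sig)=", re.I)

@dataclass
class AutomationVariable:
    name: str
    value: Optional[str]  # the management API returns no value for encrypted variables
    is_encrypted: bool

def shannon_entropy(s: str) -> float:
    """Bits per character; random keys score well above URLs or prose."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def looks_like_secret(var: AutomationVariable) -> Optional[str]:
    """Return why an unencrypted variable probably holds a secret, else None."""
    if var.is_encrypted:
        return None  # only decrypted inside a runbook, not exposed to readers of the account
    if SECRET_NAME_RE.search(var.name):
        return "secret-like name"
    if var.value and SECRET_VALUE_RE.search(var.value):
        return "credential fragment in value"
    if var.value and len(var.value) >= 32 and shannon_entropy(var.value) > 4.0:
        return "high-entropy value"
    return None

def find_exposed_secrets(variables) -> list:
    """(name, reason) for every variable that should be encrypted or moved to Key Vault."""
    return [(v.name, why) for v in variables if (why := looks_like_secret(v))]

def fetch_variables(subscription_id: str, resource_group: str, account: str) -> list:
    """Live retrieval; assumed azure-mgmt-automation API, not exercised offline."""
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.automation import AutomationClient
    client = AutomationClient(DefaultAzureCredential(), subscription_id)
    return [AutomationVariable(v.name, v.value, bool(v.is_encrypted))
            for v in client.variable.list_by_automation_account(resource_group, account)]

SAMPLE = [  # constructed sample mirroring what the API returns for one Automation account
    AutomationVariable("DbUrl", "https://db.example.internal", False),
    AutomationVariable("DbPassword", "Winter2024!", False),
    AutomationVariable("StorageConn", "DefaultEndpointsProtocol=https;AccountName=x;AccountKey=Zm9v", False),
    AutomationVariable("ApiToken", None, True),  # encrypted: value not retrievable, not flagged
    AutomationVariable("Misc", "aB3dE5fG7hI9jK1lM2nO4pQ6rS8tU0vW", False),  # unlabelled key
]
```

Run `find_exposed_secrets(fetch_variables(...))` against a real account to produce the same (name, reason) list the finding's {AzureAutomationAccount.SecretEnvVars} placeholder describes; the fix is to mark such variables encrypted or reference a Key Vault secret from the runbook instead.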