Lateral movement

Web app environment variables expose secrets

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
    • ,
  • CCPA
    • ,
  • CPRA
    • ,
  • Data Security Posture Management (DSPM) Best Practices
    • ,
  • GDPR
    • ,
  • HITRUST
    • ,
  • iso_27001_2022
    • ,
  • iso_27002_2022
    • ,
  • Mitre ATT&CK
    • ,
  • New Zealand Information Security Manual
    • ,
  • Orca Best Practices
    • ,
  • PDPA
    • ,
  • UK Cyber Essentials

Description

Azure Functions is Azure's serverless solution. Environment variables are key-value pairs of data which are forwarded to the execution environment of a function, and help making the behaviour of a generic code that runs in a function more dynamic. We have found that the function exposes sensitive data in the environment variables of the function. If an attacker can list this function (i.e. read its metadata), they may be able to use this information for lateral movement.
Need help?

Get a free Security Risk Assessment. Start today

Demo the Orca Platform

In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.

Get a Demo