PT-2024-2773 · Microsoft · Azure Identity Library For .Net
Published
2024-04-09
·
Updated
2025-01-09
·
CVE-2024-29992
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Azure Identity Library for .NET versions prior to the fixed version
Description
The vulnerability in the Azure Identity Library for .NET is related to insufficient protection of registration data, which can allow an attacker to gain unauthorized access to protected information.
Recommendations
For Azure Identity Library for .NET versions prior to the fixed version, update to the latest version that includes the fix for this issue.
As a temporary workaround, consider restricting access to sensitive information until a patch is available.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Azure Identity Library For .Net