
ASP.NET Core appsettings.json leak exposing Azure AD credentials

Data Leak
H score 28
1 unique source, 1 article

Summary


A publicly accessible appsettings.json file exposed Azure AD ClientId and ClientSecret secrets, creating a direct path to OAuth 2.0 authentication abuse and cloud account compromise. The leak affected ASP.NET Core applications and could let an attacker masquerade as the trusted application to reach Microsoft Graph and other cloud resources. The exposed file was available on the public Internet, turning a configuration mistake into a credential exposure event.

Related Happenings

Microsoft out-of-band security update for ASP.NET Core Data Protection (CVE-2026-40372)

Security Patch Release
First: 22.04.2026 11:08 Last: 22.04.2026 11:08 Sources 1

About this happening: **Microsoft** released **out-of-band security updates** for **CVE-2026-40372**, an **ASP.NET Core Data Protection** flaw that could let attackers forge authentication cookies and...

ASP.NET Core Data Protection privilege escalation (CVE-2026-40372)

Vulnerability
First: 22.04.2026 11:08 Last: 22.04.2026 11:08 Sources 1

About this happening: **CVE-2026-40372** in **ASP.NET Core Data Protection** can let **unauthenticated attackers** forge authentication cookies and gain **SYSTEM privileges** on affected devices. Micro...

Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)

Vulnerability
First: 14.04.2026 20:41 Last: 14.04.2026 20:41 Sources 1

About this happening: Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...

Microsoft Windows Admin Center patch for CVE-2026-26119

Security Patch Release
First: 19.02.2026 19:40 Last: 19.02.2026 19:40 Sources 1

About this happening: Microsoft shipped **Windows Admin Center version 2511** to patch **CVE-2026-26119**, closing an **improper authentication** flaw that could let an authorized attacker **elevate pr...

Unauthenticated Moltbot instances expose configuration data and credentials

Data Leak
First: 28.01.2026 19:46 Last: 28.01.2026 19:46 Sources 1

About this happening: **Hundreds of unauthenticated Moltbot instances** were found exposing **configuration data**, **API keys**, **OAuth credentials**, and **private chat histories** to unauthorized p...

Timeline

  1. 02.09.2025 14:52 2 articles · 8mo ago

    Public appsettings.json file exposes Azure AD ClientId and ClientSecret

    Initial Disclosure

    Resecurity's HUNTER team reported that a publicly accessible appsettings.json file for an ASP.NET Core application exposed Azure Active Directory ClientId and ClientSecret credentials, creating a path for OAuth 2.0 authentication abuse against Azure cloud environments and Microsoft Graph API access.
