Ensure that no sensitive credentials are exposed in VM custom_data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | compute |
| Provider | Azure |
| Vulnerability Type | omission |
Description
Sensitive credentials, such as passwords or access keys, are included in the custom_data field when provisioning Azure Virtual Machines. This exposes the secrets in plain text in the VM metadata, where anyone with read access to the VM configuration can retrieve them.
Impact
If exploited, attackers or unauthorized users with access to the VM metadata can read the exposed credentials and use them to gain unauthorized access to databases, services, or other cloud resources. This can compromise infrastructure security, lead to data breaches, and cause loss of control over critical systems.
Resolution
Do not place sensitive credentials (passwords, access keys, and similar secrets) in the VM custom_data field.
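The check below is an added example, not code from this rule page or from any scanner. It reads a Terraform plan in the `terraform show -json` shape (`planned_values.root_module.resources`), base64-decodes each Azure VM's `custom_data` (the `azurerm_linux_virtual_machine` and `azurerm_windows_virtual_machine` resources take it base64-encoded; the legacy `azurerm_virtual_machine` accepts plain text), and reports resources whose boot data matches credential patterns. The two cloud-init documents, the resource names `db_host` and `app_host`, and the Key Vault name `kv-example` are constructed sample data; the regexes are heuristics that mark a resource for review rather than prove a secret is present.

```python
"""Flag Azure VM custom_data that carries credentials, from a Terraform plan.

Added example for this rule; not code from the rule page or from any scanner.
Input shape follows `terraform show -json` (planned_values.root_module.resources).
"""
import base64
import binascii
import re

# Resource types whose custom_data is handed to the VM as cloud-init / metadata.
VM_TYPES = {
    "azurerm_linux_virtual_machine",
    "azurerm_windows_virtual_machine",
    "azurerm_virtual_machine",
}

# Heuristic indicators of a credential rather than benign boot configuration.
# A match means "review this", not proof that a secret is present.
CREDENTIAL_PATTERNS = {
    "password assignment": re.compile(r"(password|passwd|pwd)\s*[:=]\s*\S", re.I),
    "secret/key/token assignment": re.compile(
        r"(secret|api_?key|access_?key|account_?key|token)\s*[:=]\s*\S", re.I),
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def decode_custom_data(raw: str) -> str:
    """azurerm_linux/windows_virtual_machine take base64 custom_data; the legacy
    azurerm_virtual_machine accepts plain text. Try base64 first, fall back to raw."""
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return raw


def _walk_modules(module: dict):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk_modules(child)


def find_exposed_custom_data(plan: dict) -> list:
    """Return [{address, patterns}] for every VM whose custom_data matches a pattern."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in _walk_modules(root):
        if res.get("type") not in VM_TYPES:
            continue
        raw = (res.get("values") or {}).get("custom_data")
        if not raw:
            continue
        text = decode_custom_data(raw)
        hits = [name for name, pat in CREDENTIAL_PATTERNS.items() if pat.search(text)]
        if hits:
            findings.append({"address": res["address"], "patterns": hits})
    return findings


# --- Constructed sample plan: two VMs, one leaking a DB password via cloud-init ---
_LEAKY_CLOUD_INIT = """#cloud-config
write_files:
  - path: /etc/app/db.env
    content: |
      DB_HOST=db.internal.example
      DB_PASSWORD=Hunter2-constructed-sample
"""
# Safe variant: the secret is fetched at boot with the VM's managed identity,
# so nothing sensitive sits in custom_data (assumed Key Vault name kv-example).
_SAFE_CLOUD_INIT = """#cloud-config
packages: [jq]
runcmd:
  - az login --identity
  - az keyvault secret show --vault-name kv-example --name db-password --query value -o tsv > /etc/app/db.pass
"""


def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


SAMPLE_PLAN = {
    "planned_values": {"root_module": {"resources": [
        {"address": "azurerm_linux_virtual_machine.db_host",
         "type": "azurerm_linux_virtual_machine", "name": "db_host",
         "values": {"custom_data": _b64(_LEAKY_CLOUD_INIT)}},
        {"address": "azurerm_linux_virtual_machine.app_host",
         "type": "azurerm_linux_virtual_machine", "name": "app_host",
         "values": {"custom_data": _b64(_SAFE_CLOUD_INIT)}},
    ]}}
}

if __name__ == "__main__":
    for f in find_exposed_custom_data(SAMPLE_PLAN):
        print(f"{f['address']}: custom_data matches {', '.join(f['patterns'])}")
```

Run against the sample, only `azurerm_linux_virtual_machine.db_host` is reported: its cloud-init writes `DB_PASSWORD=...` into a file, which lands verbatim in the VM metadata, while `app_host` ships only the commands that fetch the secret at boot. Note that the plan JSON itself contains the same decoded values, so a check like this belongs in the CI step that produces the plan, and the plan file should not be archived.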