"…dump, /env, and /configprops) about a running Spring Boot application. In this incident, Spring Boot Actuator endpoints were exposed without authentication. The requests returned an HTTP 200 status code and revealed sensitive information. Although no plaintext credentials we…"
T1528 Steal Application Access Token (70%)
"application sends to the identity provider (Azure AD / Entra ID) a request containing the: - client-id - client-secret - username - password 2. The identity provider validates the credentials. 3. If valid, it returns an access token. 4. The application uses the token to ac…"
T1525 Implant Internal Image (62%)
"application sends to the identity provider (Azure AD / Entra ID) a request containing the: - client-id - client-secret - username - password 2. The identity provider validates the credentials. 3. If valid, it returns an access token. 4. The application uses the token to ac…"
T1525 Implant Internal Image (61%)
"weaknesses, and access to sensitive cloud data. Cyber risk exposure management does not evaluate risks in isolation. Instead, it correlates exposures across identities, cloud services, and external attack surfaces to identify complete attack paths. A single issue may appear modera…"
Summary
Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate without MFA.