@merill
Last active December 9, 2021 15:40
This script will allow you to find all applications and service principals in Azure AD affected by https://aka.ms/CVE-2021-42306-AAD that need their keys to be rotated.
Install-Module AffectedKeyCredentials
Get-AffectedKeyCredentials -TenantId 0000-0000-0000-0000 -ObjectClass application -ScanAll
Get-AffectedKeyCredentials -TenantId 0000-0000-0000-0000 -ObjectClass servicePrincipal -ScanAll
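A wrapper around the two commands above, added here as an example and not part of merill's gist or the AffectedKeyCredentials module. It checks for Get-AzAccessToken before the scan (the cmdlet comes from the Az.Accounts module, and the comments below show what happens when it is missing), runs both object classes, and writes each result set to a timestamped CSV so the rotation work can be tracked. The $TenantId, $OutDir names are mine; that Get-AffectedKeyCredentials returns objects that pipe cleanly into Export-Csv is an assumption.

```powershell
# Added example (not part of the gist): prerequisite check, both scans, CSV output.
# Assumption: Get-AffectedKeyCredentials needs Get-AzAccessToken (Az.Accounts)
# and returns pipeline-friendly objects.

param(
    [Parameter(Mandatory)] [string] $TenantId,
    [string] $OutDir = '.'
)

# Get-AzAccessToken is provided by Az.Accounts. If it cannot be resolved,
# install that module instead of the whole Az rollup to keep the change small.
if (-not (Get-Command Get-AzAccessToken -ErrorAction SilentlyContinue)) {
    Write-Host 'Get-AzAccessToken not found; installing Az.Accounts for the current user...'
    Install-Module -Name Az.Accounts -Scope CurrentUser -Force
}
Import-Module Az.Accounts -ErrorAction Stop

if (-not (Get-Module -ListAvailable -Name AffectedKeyCredentials)) {
    Install-Module -Name AffectedKeyCredentials -Scope CurrentUser -Force
}
Import-Module AffectedKeyCredentials -ErrorAction Stop

# Sign in to the tenant being scanned. Enumeration only reads application and
# service principal objects; rotating the keys is a separate, deliberate step.
Connect-AzAccount -TenantId $TenantId | Out-Null

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($class in 'application', 'servicePrincipal') {
    # @() forces an array so .Count is correct even for zero or one result.
    $affected = @(Get-AffectedKeyCredentials -TenantId $TenantId -ObjectClass $class -ScanAll)
    $path = Join-Path $OutDir "affected-$class-$stamp.csv"
    $affected | Export-Csv -Path $path -NoTypeInformation
    Write-Host ('{0}: {1} affected object(s) written to {2}' -f $class, $affected.Count, $path)
}
```

Run it as `.\Scan-AffectedKeys.ps1 -TenantId <your tenant id>` (hypothetical file name). The CSVs are the record to work from: rotate the credentials listed there, then re-run the scan until both files come back empty.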
@xcactusx

When I run this with my tenant id, I get: WARNING: Unable to find type [Microsoft.Azure.Commands.Profile.Utilities.CustomAssemblyResolver].
Get-AzAccessToken : The term 'Get-AzAccessToken' is not recognized as the name of a cmdlet, function, script file, or
operable program.

I checked out Global Admin role

I've already checked that .NET and the Azure modules are installed. Tried Install-Module -Name Az -AllowClobber based on a suggestion elsewhere, no change. Running PowerShell as admin as well.

The CVE script also fails, but that complains about characters in the script.

@xcactusx

Adding that this script WILL run in CloudShell from the browser, but not when I connect to Azure AD from Azure PowerShell running as admin. Because of all the warnings about .NET and the different modules needing to be installed, it doesn't seem likely to me that CloudShell was the recommended way to run it. (Could be wrong.) I haven't tried the CVE script from CloudShell yet.

@merill
Author

merill commented Nov 18, 2021

Thanks for sharing the updates.

It sounds like a conflict of PowerShell modules. There are some suggestions in this thread: Azure/azure-powershell#9949
