This script will allow you to find all applications and service principals in Azure AD affected by https://aka.ms/CVE-2021-42306-AAD that need their keys to be rotated.
Install-Module AffectedKeyCredentials
Get-AffectedKeyCredentials -TenantId 0000-0000-0000-0000 -ObjectClass application -ScanAll
Get-AffectedKeyCredentials -TenantId 0000-0000-0000-0000 -ObjectClass servicePrincipal -ScanAll
@xcactusx xcactusx commented Nov 18, 2021

When I run this with my tenant id, I get: WARNING: Unable to find type [Microsoft.Azure.Commands.Profile.Utilities.CustomAssemblyResolver].
Get-AzAccessToken : The term 'Get-AzAccessToken' is not recognized as the name of a cmdlet, function, script file, or
operable program.

I checked out Global Admin role

I've already checked that .NET and Azure modules are installed. Tried Install-Module -Name Az -AllowClobber based on a suggestion elsewhere, no change. Running PowerShell as admin as well.

The CVE script also fails, but that complains about characters in the script.

@xcactusx xcactusx commented Nov 18, 2021

Adding that this script WILL run in CloudShell from the browser, but not when I connect to Azure AD from Azure PowerShell running as admin. Because of all the warnings about .NET and the different modules needing to be installed, it doesn't seem likely to me that CloudShell was the recommended way to run it. (Could be wrong.) I haven't tried the CVE script from CloudShell yet.

Owner Author

@merill merill commented Nov 18, 2021

Thanks for sharing the updates.

It sounds like a conflict of PowerShell modules. There are some suggestions in this thread Azure/azure-powershell#9949
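
A read-only check for the module conflict suggested in the thread above, added here as an example; it is not part of the gist, the AffectedKeyCredentials module, or any commenter's post. The function name `Test-AzModuleState` is hypothetical, and the check assumes only that `Get-AzAccessToken` ships in the `Az.Accounts` module.

```powershell
# Added diagnostic, not part of the gist. It installs and removes nothing.
function Test-AzModuleState {
    # Every installed copy of Az.Accounts, newest first. Several versions in
    # different module paths are a common cause of load conflicts.
    $accounts = @(Get-Module -ListAvailable -Name Az.Accounts |
        Sort-Object -Property Version -Descending)

    # Legacy AzureRM modules installed alongside Az.
    $legacy = @(Get-Module -ListAvailable -Name 'AzureRM*')

    # Modules already imported into this session.
    $loaded = @(Get-Module -Name 'Az.*', 'AzureRM*')

    # Does the cmdlet named in the error message resolve, and from which module?
    $cmd = Get-Command -Name Get-AzAccessToken -ErrorAction SilentlyContinue
    $source = if ($cmd) { "$($cmd.Source) $($cmd.Version)" } else { 'not found' }

    [pscustomobject]@{
        PSVersion          = $PSVersionTable.PSVersion.ToString()
        PSEdition          = $PSVersionTable.PSEdition
        AzAccountsVersions = @($accounts | ForEach-Object { "$($_.Version) [$($_.ModuleBase)]" })
        LegacyAzureRM      = @($legacy | ForEach-Object { "$($_.Name) $($_.Version)" })
        LoadedInSession    = @($loaded | ForEach-Object { "$($_.Name) $($_.Version)" })
        GetAzAccessToken   = $source
    }
}

Test-AzModuleState | Format-List
```

Run it in the same session that produced the error, before importing anything else, so that `LoadedInSession` reflects what was actually loaded when `Get-AzAccessToken` failed to resolve.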
