{"version":"1.0","provider_name":"INTRINSEC","provider_url":"https:\/\/www.intrinsec.com\/en","author_name":"Adrien Bouteiller","author_url":"https:\/\/www.intrinsec.com\/en\/author\/adrien-bouteiller\/","title":"[Azure] Unsecure development practice: FTP credentials leakage","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"0BFeR9tUrF\"><a href=\"https:\/\/www.intrinsec.com\/en\/azure-unsecure-development-practice-ftp-credentials-leakage\/\">[Azure] Unsecure development practice: FTP credentials leakage<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.intrinsec.com\/en\/azure-unsecure-development-practice-ftp-credentials-leakage\/embed\/#?secret=0BFeR9tUrF\" width=\"600\" height=\"338\" title=\"\u201c[Azure] Unsecure development practice: FTP credentials leakage\u201d \u2014 INTRINSEC\" data-secret=\"0BFeR9tUrF\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script>\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/www.intrinsec.com\/wp-includes\/js\/wp-embed.min.js\n<\/script>","description":"During recent intrusion tests, we identified a practice exposing access credentials to Microsoft Azure Web Sites platforms \u2013 a service for developing and hosting web applications in the cloud. This practice can lead to the compromise of the associated FTP server and thus allow illegitimate read and write access to the source code, log files and underlying operating system.","thumbnail_url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2018\/05\/publishsettings_1.png"}