H3-2024-0019

Credential Dumping - Office365 Application Memory

Category SECURITY_CONTROLS
Base Score 7.2

Description

Credential dumping from Office365 application memory is an attacker technique in which an adversary extracts Azure access tokens held in the memory of running Office365 applications. These tokens can then be used to access sensitive Office365 application data. To exploit this issue, an attacker first needs access to the application's memory, which generally requires administrative privileges on the host where the application is running, or the exploitation of a vulnerability that allows unauthorized memory access. Once memory access is obtained, the attacker can search the process memory for the stored access tokens and extract them.
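A detection-side example, added here and not part of the advisory: it scans Sysmon Event ID 10 (ProcessAccess) records for processes that obtain memory-read rights (PROCESS_VM_READ) on Office365 client processes, which is the access the technique above depends on. The event lines are constructed samples in a simplified key=value form, and the allowlist of trusted source processes is an assumption to tune per environment.

```python
# Added example (not from the advisory): flag process-memory reads of Office365
# applications using Sysmon Event ID 10 (ProcessAccess) records. All sample
# events below are constructed, not captured from a real host.
from dataclasses import dataclass

# Windows process access right that permits reading another process's memory.
PROCESS_VM_READ = 0x0010

# Image names of Office365 client processes whose memory may hold Azure access tokens.
OFFICE_IMAGES = {"outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe", "onenote.exe"}

# Assumed allowlist of trusted processes that legitimately open Office apps
# with read rights (e.g. the Defender engine); tune per environment.
ALLOWED_SOURCES = {"msmpeng.exe"}

@dataclass
class ProcessAccessEvent:
    source_image: str
    target_image: str
    granted_access: int

def parse_event(line: str) -> ProcessAccessEvent:
    """Parse a '|'-separated key=value rendering of the Event ID 10 fields."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    return ProcessAccessEvent(
        source_image=fields["SourceImage"],
        target_image=fields["TargetImage"],
        granted_access=int(fields["GrantedAccess"], 16),  # Sysmon logs hex, e.g. 0x1410
    )

def is_suspicious(ev: ProcessAccessEvent) -> bool:
    """True when a non-allowlisted process obtains PROCESS_VM_READ on an Office app."""
    source = ev.source_image.rsplit("\\", 1)[-1].lower()
    target = ev.target_image.rsplit("\\", 1)[-1].lower()
    if target not in OFFICE_IMAGES or source in ALLOWED_SOURCES:
        return False
    return bool(ev.granted_access & PROCESS_VM_READ)

def suspicious_events(lines):
    return [ev for ev in map(parse_event, lines) if is_suspicious(ev)]

# Constructed sample events (paths shortened): an allowlisted scanner, an unknown
# binary reading OUTLOOK.EXE memory, a query-only handle, and a non-Office target.
SAMPLE_EVENTS = [
    "SourceImage=C:\\Windows\\System32\\MsMpEng.exe|TargetImage=C:\\Office16\\OUTLOOK.EXE|GrantedAccess=0x1410",
    "SourceImage=C:\\Users\\alice\\AppData\\Local\\Temp\\dump.exe|TargetImage=C:\\Office16\\OUTLOOK.EXE|GrantedAccess=0x1010",
    "SourceImage=C:\\Windows\\explorer.exe|TargetImage=C:\\Office16\\WINWORD.EXE|GrantedAccess=0x1000",
    "SourceImage=C:\\Users\\alice\\AppData\\Local\\Temp\\dump.exe|TargetImage=C:\\Windows\\notepad.exe|GrantedAccess=0x1FFFFF",
]
```

Only the unknown binary opening OUTLOOK.EXE with a read-capable access mask is flagged; a query-only handle and reads of non-Office processes are ignored.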

Impact

With a stolen access token, an attacker can impersonate the legitimate user to access sensitive data, perform operations on that user's behalf, or escalate privileges within the Office365 application environment, potentially leading to further compromise of the network.

References