Credentials, tokens, or cookies from highly privileged users should not be exposed on vulnerable endpoints
Why This Matters
When credentials, tokens, or cookies belonging to highly privileged users are exposed on vulnerable endpoints, attackers can use these artifacts to impersonate those users and gain unauthorized access to critical systems. This exposure increases the risk of privilege escalation, data breaches, and lateral movement within your Microsoft 365 environment. IT administrators must address these vulnerabilities to protect privileged accounts and maintain a strong security posture.
What Aether365 Checks
Aether365 verifies whether CLI secrets, user cookies, and sensitive token artifacts from highly privileged users are accessible from endpoints with a high risk or exposure score. This check appears in the Aether365 dashboard under the entra-id service category.