Microsoft Resolves Critical Security Flaw in Azure CLI

Microsoft has addressed a critical security vulnerability that could allow attackers to retrieve plaintext passwords and usernames from log files generated by affected CLI commands. These commands were published by Azure DevOps and GitHub Actions.

Discovery of the vulnerability was credited to a security researcher associated with Palo Alto's Prisma Cloud.

Customers who recently used Azure CLI commands were informed through the Azure Portal, Microsoft confirmed. The company has also introduced an updated default configuration for Azure CLI, aimed specifically at preventing inadvertent exposure of sensitive information.

The update includes settings that restrict secrets from appearing in the output of update commands for services in the App Service family, which covers Web Apps and Functions.

Microsoft shared in a blog post, "We're broadening our capability to redact credentials in GitHub Actions and Azure Pipelines to detect a wider range of identifiable key patterns in build logs and conceal them."

Furthermore, the company has advised existing users to promptly update their Azure CLI to the latest version, refrain from exposing Azure CLI output in logs or any publicly accessible location, and regularly rotate keys as a security measure.
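The redaction of credentials in build logs and the advice to keep Azure CLI output out of logs can be illustrated with a small filter that a pipeline step could run over captured CLI output before it is written to a log. This is an added example, not Microsoft's redaction code; the key patterns, the mask string, the function names and the sample data (a JSON array of name/value settings, as App Service setting commands print) are assumptions constructed for illustration.

```python
import json
import re

MASK = "***"
# Assumed key patterns for illustration; a production redactor covers many more.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(AccountKey|SharedAccessKey|Password|Pwd)=([^;\"\s]+)"),
]

def redact_line(line):
    """Mask key=value credentials embedded in free-form text."""
    for pat in SECRET_PATTERNS:
        line = pat.sub(lambda m: f"{m.group(1)}={MASK}", line)
    return line

def _walk(node):
    """Recursively mask setting values and credential-like strings in JSON."""
    if isinstance(node, dict):
        # A {name, value} pair is treated as an app setting: hide the value
        # whatever it looks like, since settings routinely hold secrets.
        is_setting = "name" in node and "value" in node
        return {k: MASK if (is_setting and k == "value") else _walk(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [_walk(v) for v in node]
    if isinstance(node, str):
        return redact_line(node)
    return node

def sanitize_log(text):
    """Redact structured CLI output if it parses as JSON, else line by line."""
    try:
        return json.dumps(_walk(json.loads(text)), indent=2)
    except ValueError:
        return "\n".join(redact_line(l) for l in text.splitlines())

# Constructed sample input (not real credentials).
SAMPLE_CLI_OUTPUT = json.dumps([
    {"name": "DB_PASSWORD", "slotSetting": False, "value": "constructed-secret-1"},
    {"name": "STORAGE", "slotSetting": False,
     "value": "AccountName=demo;AccountKey=Y29uc3RydWN0ZWQ=;"},
])
SAMPLE_LOG_LINE = "connecting with Server=db.example;Password=constructed-secret-2;"

if __name__ == "__main__":
    print(sanitize_log(SAMPLE_CLI_OUTPUT))
    print(sanitize_log(SAMPLE_LOG_LINE))
```

Pattern-based masking only catches formats it knows about, which is why the advice to rotate keys still applies to anything that has already reached a log.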
