azure-keyvault-cert-transparency-missing: Missing Certificate Transparency in Azure Key Vaults

Date: 2025-08-01 | Affected software: Azure Key Vault | PoC: public

Vulnerability description

Ensure that Certificate Transparency is enabled for every SSL/TLS certificate managed in Azure Key Vault. Certificate Transparency (CT) is an Internet standard (RFC 6962, revised as RFC 9162) under which certificate authorities submit each certificate they issue to public, append-only logs, so that anyone, including the domain owner, can audit what has been issued for a domain and detect mis-issuance. Browsers that enforce CT, such as Chrome and Safari, reject publicly trusted certificates that do not carry signed certificate timestamps (SCTs) from those logs. In Key Vault the setting lives in the certificate policy at policy.issuerParameters.certificateTransparency and applies to certificates issued through an integrated CA; the template below lists the enabled certificates in every vault and flags those whose policy sets that field to false.

PoC code [public]

id: azure-keyvault-cert-transparency-missing
info:
  name: Missing Certificate Transparency in Azure Key Vaults
  author: princechaddha
  severity: medium
  description: |
    Ensure that Certificate Transparency feature is enabled for all Azure Key Vault SSL/TLS certificates to adhere to web security best practices. Certificate Transparency (CT) is a new Internet standard that helps to make the Transport Layer Security (TLS) ecosystem publicly auditable.
  impact: |
    Without Certificate Transparency, domain owners are unaware of certificates issued to their domain unless directly requested, compromising transparency and security.
  remediation: |
    Enable Certificate Transparency for all Azure Key Vault SSL/TLS certificates through the Azure portal or Azure CLI to meet the standards enforced by the Certification Authority Browser Forum (CA/Browser Forum).
  reference:
    - https://docs.microsoft.com/en-us/azure/key-vault/certificates/how-to-enable-certificate-transparency
  tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config

flow: |
  code(1);
  for (let KeyVaultName of iterate(template.keyVaultNames)) {
    set("vaultName", KeyVaultName)
    code(2);
    for (let CertificateId of iterate(template.certificateIds)) {
      set("certificateId", CertificateId)
      code(3)
    }
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az keyvault list --query '[*].name' --output json

    extractors:
      - type: json
        name: keyVaultNames
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az keyvault certificate list --vault-name $vaultName --query '[?(attributes.enabled==`true`)].id' --output json

    extractors:
      - type: json
        name: certificateIds
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az keyvault certificate show --id $certificateId --query 'policy.issuerParameters.certificateTransparency' --output json

    matchers:
      - type: word
        words:
          - 'false'

    extractors:
      - type: dsl
        dsl:
          - 'vaultName + " SSL/TLS certificate " + certificateId + " does not have Certificate Transparency enabled"'
# digest: 4b0a0048304602210084865a32dc75db7bd30f7a9264d51271cdfff4d71186ddb3b250413cc97d4a23022100aa90bf74c105ca8aaf74a002aaa94058d4590b53ff443491c49cc3206bc5bddb:922c64590222798bb761d5b6d8e72950
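
The same audit as a plain az CLI script, added here as an example (it is not code from the Nuclei template above or from Microsoft). It differs from the template in one practitioner-relevant way: the template's word matcher only fires on the literal false, so a policy where certificateTransparency is unset (null, which az prints as an empty field with --output tsv) passes silently; the script reports that case too, since such a certificate is not going to be logged either. It assumes an existing az login with permission to list and read certificates in the audited vaults; the vault and certificate names used in the comments are placeholders.

```shell
#!/bin/sh
# Added example, not part of the Nuclei template: audit Azure Key Vault
# certificate policies for Certificate Transparency with the az CLI.
# Assumptions: `az login` has been done and the identity can list and read
# certificates in the vaults being audited (placeholder vault: kv-prod).
set -u

# Classify the value of policy.issuerParameters.certificateTransparency as
# emitted by `az keyvault certificate show ... --output tsv` (Python-style
# True/False, empty when null) or `--output json` (true/false/null).
# Prints one of: enabled, disabled, unset, unknown.
ct_status() {
  case "${1:-}" in
    true|True)    echo enabled ;;
    false|False)  echo disabled ;;
    ''|null|None) echo unset ;;
    *)            echo unknown ;;
  esac
}

# Print one tab-separated finding line for a certificate, or nothing when its
# policy already has CT enabled. Kept free of az calls so it can be exercised
# on constructed values.
finding() {
  vault=$1; cert_id=$2; raw=$3
  status=$(ct_status "$raw")
  [ "$status" = enabled ] && return 0
  printf '%s\t%s\tcertificateTransparency=%s (%s)\n' \
    "$vault" "$cert_id" "${raw:-null}" "$status"
}

# Enumerate the enabled certificates of one vault (same JMESPath filter as the
# template) and report those whose policy is not CT-enabled.
audit_vault() {
  vault=$1
  az keyvault certificate list --vault-name "$vault" \
     --query '[?attributes.enabled==`true`].id' --output tsv |
  while IFS= read -r cert_id; do
    [ -n "$cert_id" ] || continue
    raw=$(az keyvault certificate show --id "$cert_id" \
            --query 'policy.issuerParameters.certificateTransparency' \
            --output tsv)
    finding "$vault" "$cert_id" "$raw"
  done
}

# Audit the vaults named on the command line, or every vault visible in the
# current subscription. Returns 1 when at least one finding was printed, so
# the script can gate a pipeline step.
main() {
  if [ "$#" -gt 0 ]; then
    vaults=$*
  else
    vaults=$(az keyvault list --query '[*].name' --output tsv)
  fi
  rc=0
  for vault in $vaults; do
    out=$(audit_vault "$vault")
    if [ -n "$out" ]; then
      printf '%s\n' "$out"
      rc=1
    fi
  done
  return $rc
}

# Run the audit only when az is installed; without it the functions above can
# still be sourced and checked against constructed values.
if command -v az >/dev/null 2>&1; then
  main "$@"
fi
```

Run it with no arguments to cover every vault the identity can see, or pass vault names to scope it. To remediate a finding, export the certificate's policy (az keyvault certificate show --id ... --query policy --output json), set issuerParameters.certificateTransparency to true, and apply it back with the --policy option of az keyvault certificate set-attributes (check the option against your CLI version). Logging happens at issuance, so the change takes effect when the integrated CA next issues or renews the certificate; an already-issued certificate is not logged retroactively.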
