Trend Micro has uncovered a significant cloud credential leak involving Axis Communications’ Autodesk Revit plugin, which could lead to a supply-chain attack. The exposure involved hard-coded Azure credentials in a signed DLL, risking unauthorized access to critical storage accounts.
Key points
- A cloud credential exposure was discovered in Axis Communications’ plugin for Autodesk Revit.
- The vulnerability involved hard-coded Azure credentials stored in a signed DLL named AzureBlobRestAPI.dll.
- Exposed credentials allowed full control over two Azure storage accounts used for Axis’s cloud data.
- The plugin is used by professionals in construction, security, and government sectors, creating high-value supply-chain risks.
- Axis released multiple updates to revoke and limit the exposed credentials, preventing unauthorized access.
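A pre-release check for this class of exposure, as an added example that is not taken from Trend Micro's or Axis's material: it scans a build artifact's bytes for the two standard Azure Storage credential formats (an `AccountKey=` connection-string field and a SAS token) and reports whether a token's permissions allow modification. The function names and the sample bytes are constructed for illustration; strings are read both as 8-bit text and as UTF-16LE, the encoding .NET assemblies use for string literals.

```python
import re
from urllib.parse import parse_qs

# A storage account key is 64 random bytes, i.e. 88 base64 characters ending "==".
ACCOUNT_KEY = re.compile(r"AccountKey=[A-Za-z0-9+/]{86}==")
# Candidate query strings: three or more short key=value pairs joined by "&".
PAIR = r"[a-z]{2,5}=[A-Za-z0-9%+/:=.\-]+"
QUERY = re.compile(rf"(?:{PAIR}&){{2,}}{PAIR}")
WRITE_PERMS = set("acwd")  # SAS permission letters: add, create, write, delete


def text_views(data: bytes):
    """Yield the bytes as 8-bit text and as UTF-16LE at both byte alignments."""
    yield data.decode("latin-1")
    yield data.decode("utf-16-le", errors="ignore")
    yield data[1:].decode("utf-16-le", errors="ignore")


def scan(data: bytes):
    """Return de-duplicated findings; the secret values are never returned."""
    findings = []
    for text in text_views(data):
        if ACCOUNT_KEY.search(text):
            findings.append({"kind": "account-key"})
        for match in QUERY.finditer(text):
            q = parse_qs(match.group(0))
            if "sig" in q and "sv" in q:  # signature plus service version: a SAS token
                perms = q.get("sp", [""])[0]
                findings.append({"kind": "sas-token", "permissions": perms,
                                 "expires": q.get("se", [""])[0],
                                 "can_modify": bool(WRITE_PERMS & set(perms))})
    return [f for i, f in enumerate(findings) if f not in findings[:i]]


def sample_artifact(perms: str = "rwdlac") -> bytes:
    """Constructed test bytes: a fake key stored as UTF-16LE and a fake SAS as ASCII."""
    conn = "AccountName=examplestore;AccountKey=" + "A" * 86 + "==;"
    sas = f"sv=2022-11-02&ss=b&srt=sco&sp={perms}&se=2030-01-01T00:00:00Z&sig=" + "B" * 43 + "%3D"
    return b"MZ\x90\x00" + conn.encode("utf-16-le") + b"\x00\x00\x01" + sas.encode("ascii")


if __name__ == "__main__":
    for finding in scan(sample_artifact()):
        print(finding)
```

Run it over every binary in a release bundle and fail the build on any finding; a match means the credential has to be rotated, not just removed from the next version.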