Last activity 13h agoPosted Nov 26, 2025 at 6:25 AM EST
Azure Apim Cross-Tenant Signup Bypass
Mood
informative
Sentiment
neutral
Category
security
Key topics
Azure Security
API Management
Vulnerability Disclosure
Debate intensity20/100
Discussion Activity
Light discussionFirst comment
N/A
Peak period
1
Hour 1
Avg / period
1
Key moments
- 01Story posted
Nov 26, 2025 at 6:25 AM EST
14h ago
Step 01 - 02First comment
Nov 26, 2025 at 6:25 AM EST
0s after posting
Step 02 - 03Peak activity
1 comments in Hour 1
Hottest window of the conversation
Step 03 - 04Latest activity
Nov 26, 2025 at 7:35 AM EST
13h ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Discussion (1 comments)
Showing 2 comments
13h ago
Wild, feels just like those 90s zero-day drops when everything was ‘disclosed by necessity.’ And of course Microsoft still pulls the classic ‘by design’ line instead of paying out. Some things never change.
chili-salsaAuthor
14h ago
A security vulnerability in Azure API Management (APIM) Developer Portal allows attackers to register accounts on any APIM instance that has Basic Authentication enabled, even when administrators have disabled user signup in the portal UI.
This bypass enables cross-tenant account creation, potentially allowing unauthorized access to API documentation, subscription keys, and other resources exposed through the Developer Portal.
ID: 46056328Type: storyLast synced: 11/26/2025, 11:26:07 AM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.