Microsoft published the Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs which describes how to check if an Azure AD is possibly affected by the private key disclosure.
I know what a private key is, but I am unsure about the dangers in that context.
If I now assume that the private key of an account with administrative rights has been leaked: In what form could this private key be used outside the company? It occurs to me that I could use it to decrypt emails that were encrypted with the associated public key.
What other dangers are there if someone has this private key but is not logged on to the Active Directory? Is it possible to get access to the infrastructure with it?
