H3-2026-0023¶

Azure Container Registry Admin User Enabled

Description¶

Where an Azure Container Registry has the built-in admin account enabled, this provides a static username and password for registry access.

Impact¶

Attackers who obtain the admin credentials can push malicious container images, pull sensitive images containing secrets, or modify existing images to inject backdoors into the software supply chain.

References¶

• Azure Container Registry Authentication
• Best practices for Azure Container Registry
• MITRE ATT&CK Technique: T1078: Valid Accounts
• MITRE ATT&CK Technique: T1525: Implant Internal Image