Caute_cautim
Community Champion

Adversaries Can “Log In with Microsoft” through the nOAuth Azure Active Directory Vulnerability

Hi All

 

An interesting piece on the Microsoft nOAuth issues:

 

On June 20, 2023, Descope published research detailing how a combination of a flaw in Azure Active Directory and poorly integrated third-party applications — dubbed “nOAuth” — could lead to full account takeover. nOAuth is the latest in a large number of vulnerabilities and architectural weaknesses in Microsoft software and systems like Active Directory that can be exploited and put organizations at risk. 

While Microsoft has responded to the vulnerability, until developers make code changes in their applications, the proposed mitigation relies on organizations having strong identity protection capabilities to protect privileged accounts from misuse by rogue administrators.

 

https://www.crowdstrike.com/blog/noauth-microsoft-azure-ad-vulnerability/

 

Regards

 

Caute_Cautim

0 Replies