2 matches found
Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover
A security shortcoming in Microsoft Azure Active Directory AD Open Authorization OAuth process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubb...
Potential Risk of Privilege Escalation in Azure AD Applications
Summary Microsoft has developed mitigations for an insecure anti-pattern used in Azure AD AAD applications highlighted by Descope, and reported to Microsoft, where use of the email claim from access tokens for authorization can lead to an escalation of privilege. An attacker can falsify the email...