8 matches found
EUVD-2020-18659
Malware in sbrugna...
CVE-2020-26029
An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header...
How to investigate service provider trust chains in the cloud
In a recent Microsoft blog post, we documented technical guidance for organizations to protect themselves from the latest NOBELIUM activity that was found to target technology service providers, which are privileged in their downstream customer tenants, as a method to gain access to their...
CVE-2020-26029
An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header...
CVE-2019-1258
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. This vulnerability allows an authenticated attacker to perform actions in context of another user. The authenticated attacker can exploit this...
Azure Active Directory Authentication Library Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. This vulnerability allows an authenticated attacker to perform actions in context of another user. The authenticated attacker can exploit this...
Microsoft Azure Active Directory Authentication Library Elevation of Privilege Vulnerability
Microsoft Azure Active Directory Authentication Library is an authentication library from Microsoft Corporation USA. This product allows client applications to authenticate users. An elevation of privilege vulnerability exists in On-Behalf-Of flow in the Azure Active Directory Authentication...
PT-2019-3054 · Microsoft · Azure Active Directory Authentication Library
Name of the Vulnerable Software and Affected Versions: Azure Active Directory Authentication Library (affected versions not specified). Description: The issue is related to insecure privilege management in the Azure Active Directory Authentication Library, specifically in the On-Behalf-Of flow, wher...