Descope discovers Microsoft Azure AD OAuth flaw

Share post:

Researchers from Descope have uncovered a security weakness in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) that might have been exploited to achieve full account takeover.

The nOAuth issue allows an attacker to change their email address in Azure AD and then use the “Log in with Microsoft” functionality to take over a victim’s account.

To carry out the attack, the attacker would need to set up an Azure AD admin account and change their email address to match the victim’s. They might then obtain access to the victim’s account by using the “Log in with Microsoft” option on a susceptible app or website. It is caused by a misconfiguration that allows attackers to modify email characteristics inside an Azure AD account’s “Contact Information” section.

If the app merges user accounts without validation, the attacker gains full control of the victim’s account and can establish persistence, exfiltrate data, and perform various post-exploitation activities depending on the nature of the targeted application, even if the victim does not have a Microsoft account.

Microsoft has issued a warning not to use email claims for authorization purposes in Azure AD. It also identified and notified several multi-tenant applications with users that utilize an email address with an unverified domain owner.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Scammed Company Ordered to Pay $190k for Fraudulent Invoice Payment

A hacker gained access to Mobius Group’s email system and sent instructions from a legitimate email address, directing...

Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections

A new phishing kit, ominously named "Sneaky 2FA," has emerged, targeting Microsoft 365 users by bypassing two-factor authentication...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways