Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover – ITTS

Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover

21 June 2023

A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth.

Source: The Hacker News

Date:

21 June 2023

Categorie(s):

Tag(s):

Account Takeover, Azure (Microsoft), Cloud Provider, Flaws, IaaS

Canada Arrests Suspected Hacker Linked to Snowflake Data Breaches5 November 2024
Amazon Inspector suppression rules best practices for AWS Organizations5 November 2024
Building Cybersecurity Resilience: Strategies, Technologies, and Best Practices from Industry Leaders5 November 2024
Criminals open DocuSign’s Envelope API to make BEC special delivery5 November 2024
Link Index for Customer Identity and Access Management5 November 2024