
Important ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Full Account Takeover

by crpt os


Jun 21, 2023 | Ravie Lakshmanan | Authentication / Vulnerability

A security shortcoming in the Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said.

California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth.

“nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD multi-tenant OAuth applications,” Omer Cohen, chief security officer at Descope, said.

The misconfiguration concerns how a malicious actor can modify the email attributes under “Contact Information” in an Azure AD account and abuse the “Log in with Microsoft” feature to hijack a victim's account.


To pull off the attack, all an adversary has to do is create and access an Azure AD admin account, change its email address to that of a victim, and then take advantage of the single sign-on scheme on a vulnerable app or website.

“If the app merges user accounts without validation, the attacker now has full control over the victim’s account, even if the victim doesn’t have a Microsoft account,” Cohen explained.

Successful exploitation grants the adversary an “open field” to set up persistence, exfiltrate data, and carry out other post-exploitation activities based on the nature of the app.

This stems from the fact that an email address is both mutable and unverified in Azure AD, prompting Microsoft to issue a warning not to use email claims for authorization purposes.


The tech giant characterized the issue as an “insecure anti-pattern used in Azure AD (AAD) applications” where the use of the email claim from access tokens for authorization can lead to an escalation of privilege.

“An attacker can falsify the email claim in tokens issued to applications,” it noted. “Additionally, the threat of data leakage exists if applications use such claims for email lookup.”

It also said it had identified and notified several multi-tenant applications with users who use an email address whose domain owner is unverified.
