Microsoft Fixes Flaw Threatening Azure Accounts

Published: 23/11/2024   Category: security




Researchers detail a bug they found in some of Microsoft's OAuth 2.0 applications.



Researchers from CyberArk today outlined a vulnerability they discovered this fall in some Microsoft OAuth 2.0 applications that could allow an attacker to hijack Azure accounts. Microsoft fixed the flaw late last month.
The weaknesses lie in OAuth settings in Microsoft's Portfolios, O365 Secure Score, and Microsoft Service Trust applications, and could be abused by an attacker to grab admin accounts and basically own Azure accounts. OAuth is a popular authorization protocol that allows users to share information about their accounts among third-party applications and websites.
"The OAuth applications trust domains and sub-domains that are not registered by Microsoft, so they can be registered by anyone (including an attacker). These apps are approved by default and are allowed to ask for 'access_token,'" CyberArk said in a blog post about the vuln. "The combination of these two factors makes it possible to produce an action with the user's permissions – including gaining access to Azure resources, AD resources and more."
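
A defensive check for the condition described above, as an added example that is not from the article, CyberArk or Microsoft: it audits OAuth reply URLs against the domains an organisation still owns, and rates a finding higher when the app can have an access_token returned directly to the reply URL. The app names, domains and the `implicit_token` field are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed inventory: domains the organisation has verified it still owns.
OWNED_DOMAINS = {"contoso.example"}

# Constructed app registrations (hypothetical names, not real Microsoft settings).
APPS = [
    {"name": "score-dashboard", "implicit_token": True,
     "reply_urls": ["https://score.contoso.example/cb",
                    "https://score.contoso-cdn.example/cb"]},
    {"name": "trust-portal", "implicit_token": True,
     "reply_urls": ["https://*.contoso.example/cb"]},
    {"name": "hr-tool", "implicit_token": False,
     "reply_urls": ["https://hr.oldvendor.example/cb"]},
]

def is_owned(host, owned):
    """True if host equals, or is a subdomain of, a domain we own."""
    return any(host == d or host.endswith("." + d) for d in owned)

def audit(apps, owned):
    """Return (app, url, reason, severity) for every risky reply URL."""
    findings = []
    for app in apps:
        # A token returned straight to the reply URL makes a stray host worse.
        severity = "high" if app["implicit_token"] else "medium"
        for url in app["reply_urls"]:
            host = (urlsplit(url).hostname or "").lower()
            if host.startswith("*."):
                # Wildcard: every subdomain is trusted, including ones that
                # are unclaimed today and could be claimed by someone else.
                base = host[2:]
                reason = ("wildcard subdomain" if is_owned(base, owned)
                          else "wildcard on unowned domain")
                findings.append((app["name"], url, reason, severity))
            elif not is_owned(host, owned):
                findings.append((app["name"], url, "unowned domain", severity))
    return findings

if __name__ == "__main__":
    for name, url, reason, sev in audit(APPS, OWNED_DOMAINS):
        print(f"[{sev}] {name}: {url} ({reason})")
```

The ownership list has to come from a registrar or DNS inventory that is kept current, since the risk arises when a trusted name lapses or was never claimed.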
