Microsoft Azure Active Directory (Azure AD) appears to be affected by a new vulnerability discovered by security researchers. The flaw, which involved Bing search results, allowed users to alter those results and view other users' private information, including stored Outlook emails, calendars, and Microsoft Teams messages.
Because of a misconfiguration in Azure Active Directory (AAD) in Microsoft's cloud-hosted applications, miscreants could have compromised Bing's search engine to subvert Microsoft's cloud-hosted services. If the request succeeded, the results could even be changed on the Bing home page.
Several user accounts, as well as Outlook emails, calendars, and Teams messages, were left vulnerable to theft and snooping.
Wiz researchers identified the Azure Active Directory (Azure AD) misconfiguration as part of the BingBang campaign. The issue was discovered in January this year.
Microsoft's multitenant applications in Azure AD were misconfigured, owing to a misconfiguration in the database. Because these applications allow users to log into them from anywhere, a developer must perform additional authentication steps to prevent any Azure user from logging into them.
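One form the additional check described above can take, as an added example that is not from the original article or from Microsoft: once a JWT library has verified the token, the application accepts it only if its tenant is on an allow-list. The tenant IDs, audience, and function names are constructed for illustration, and v2.0 token issuers are assumed.

```python
import re

# Constructed sample values; a real app would load its own tenant IDs and audience.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"
ALLOWED_TENANTS = {HOME_TENANT}
EXPECTED_AUDIENCE = "api://example-internal-app"

# Assumption: v2.0 tokens, whose issuer URL embeds the tenant ID.
ISSUER_RE = re.compile(r"^https://login\.microsoftonline\.com/([0-9a-f-]{36})/v2\.0$")


def authorize_claims(claims, allowed_tenants=ALLOWED_TENANTS, audience=EXPECTED_AUDIENCE):
    """Decide whether already signature-verified token claims may use the app.

    Returns (allowed, reason). A multi-tenant app receives validly signed
    tokens from every tenant, so a valid signature alone is not authorization.
    """
    if claims.get("aud") != audience:
        return False, "wrong audience"
    tid = str(claims.get("tid", "")).lower()
    if not tid:
        return False, "missing tid"
    match = ISSUER_RE.match(str(claims.get("iss", "")).lower())
    if match is None or match.group(1) != tid:
        return False, "issuer does not match tid"
    if tid not in allowed_tenants:
        return False, "tenant not allowed"
    return True, "ok"


def make_claims(tid, iss_tid=None, aud=EXPECTED_AUDIENCE):
    """Build constructed sample claims for the demonstration below."""
    iss = f"https://login.microsoftonline.com/{iss_tid or tid}/v2.0"
    return {"aud": aud, "tid": tid, "iss": iss}


if __name__ == "__main__":
    samples = {
        "home tenant user": make_claims(HOME_TENANT),
        "user from another tenant": make_claims(OTHER_TENANT),
        "tid/issuer mismatch": make_claims(HOME_TENANT, iss_tid=OTHER_TENANT),
    }
    for label, claims in samples.items():
        print(label, authorize_claims(claims))
```

The second sample is the case the article is concerned with: a correctly signed token from a tenant the application never intended to serve.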
In AAD, apps can be single-tenant or multi-tenant, depending on the need and the user's choice. Azure users ca
[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents