Azure AD ‘Log in With Microsoft’ Authentication Bypass at Risk

Organizations that have added the “Log in with Microsoft” feature to their Microsoft Azure Active Directory setups may be exposed to an authentication bypass that could lead to takeovers of online and cloud-based accounts.

Descope researchers have named the attack “nOAuth”. According to them, it is an authentication implementation flaw affecting multitenant OAuth apps in Azure AD, Microsoft’s cloud-based identity and access management service. If the attack succeeds, the threat actor can take over the victim’s accounts, which lets them establish persistence, exfiltrate data, assess whether lateral movement is feasible, and carry out other activities.

According to Omer Cohen, CISO at Descope, “OAuth and OpenID Connect are open, popular standards which millions of Web properties already use […] If ‘Log in with Microsoft’ is improperly implemented, several of these apps could be vulnerable to account takeover. Small businesses with fewer developer resources could especially be impacted.”

About nOAuth Cyberattack Threat

OAuth is an open source, token-based authorization framework that enables users to log into applications automatically based on prior authentication to another reputable app. Most consumers are already familiar with this thanks to the “Log in with Facebook” or “Log in with Google” choices seen on numerous e-commerce websites.
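The article describes the flaw as an implementation mistake on the application side rather than a defect in Azure AD itself. The added example below (not code from the article, from Descope, or from Microsoft) shows the part of a “Log in with Microsoft” integration where that mistake is made or avoided: turning the claims of an already-validated OpenID Connect ID token into the key under which the app stores the user. It keys on the tenant id (`tid`) plus the user’s object id (`oid`, falling back to `sub`), and deliberately never on `email`, which the Microsoft identity platform documents as a mutable, unverified attribute. The tenant ids, object ids, addresses and token claim sets are constructed for the example; signature, audience and expiry checks are assumed to have been done by the app’s OIDC library before these functions run.

```python
"""
Added example, not part of the original article: deriving a stable
application-side account key from a validated "Log in with Microsoft"
ID token. Claim names (iss, tid, oid, sub, email) follow the OpenID
Connect / Microsoft identity platform conventions; all sample values
are constructed. Signature, audience and expiry validation is assumed
to have happened already.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccountKey:
    """Stable identity: the issuing tenant plus the user's object id."""
    tenant_id: str
    object_id: str


def _issuer_matches_tenant(issuer: str, tenant: str) -> bool:
    # Accept the v2.0 and v1.0 issuer formats for the given tenant only.
    return issuer in (
        f"https://login.microsoftonline.com/{tenant}/v2.0",
        f"https://sts.windows.net/{tenant}/",
    )


def account_key_from_claims(claims: dict) -> AccountKey:
    """Return the key the app should store the user under.

    The 'email' claim is intentionally ignored: it is not verified by the
    identity provider, so two tokens carrying the same 'email' are not
    evidence that they describe the same principal.
    """
    issuer = claims.get("iss", "")
    tenant = claims.get("tid")
    subject = claims.get("oid") or claims.get("sub")
    if not tenant or not subject:
        raise ValueError("token lacks the claims needed to identify the user")
    if not _issuer_matches_tenant(issuer, tenant):
        raise ValueError("issuer does not match the tid claim")
    return AccountKey(tenant_id=tenant, object_id=subject)


def resolve_user_by_key(users_by_key: dict, claims: dict):
    """Hardened lookup: match on (tid, oid); never auto-link by email."""
    return users_by_key.get(account_key_from_claims(claims))


def resolve_user_by_email(users_by_email: dict, claims: dict):
    """The weak pattern the article warns about: email as the account key."""
    return users_by_email.get(claims.get("email"))


# --- constructed sample data ---
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
OID_A = "aaaaaaaa-0000-0000-0000-000000000001"
OID_B = "bbbbbbbb-0000-0000-0000-000000000002"

# Token for the real user, issued by their own tenant.
LEGIT_CLAIMS = {
    "iss": f"https://login.microsoftonline.com/{TENANT_A}/v2.0",
    "tid": TENANT_A,
    "oid": OID_A,
    "sub": "pairwise-subject-1",
    "email": "user@example.com",
}
# Token from a different tenant that carries the same, unverified 'email'.
OTHER_TENANT_CLAIMS = {
    "iss": f"https://login.microsoftonline.com/{TENANT_B}/v2.0",
    "tid": TENANT_B,
    "oid": OID_B,
    "sub": "pairwise-subject-2",
    "email": "user@example.com",
}

USERS_BY_KEY = {AccountKey(TENANT_A, OID_A): "user-record-42"}
USERS_BY_EMAIL = {"user@example.com": "user-record-42"}


def demo() -> dict:
    """Compare both lookups on both tokens."""
    return {
        "by_key": (
            resolve_user_by_key(USERS_BY_KEY, LEGIT_CLAIMS),
            resolve_user_by_key(USERS_BY_KEY, OTHER_TENANT_CLAIMS),
        ),
        "by_email": (
            resolve_user_by_email(USERS_BY_EMAIL, LEGIT_CLAIMS),
            resolve_user_by_email(USERS_BY_EMAIL, OTHER_TENANT_CLAIMS),
        ),
    }


if __name__ == "__main__":
    print(demo())
```

With the (tid, oid) key only the token from the user’s own tenant resolves to the stored record; the email-keyed lookup resolves both tokens to the same record, which is the conflation the article describes as an account takeover. If an app must offer email-based account linking, it should do so through its own verification step, not by trusting the claim.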

OAuth is used in the Azure AD environment to control user access to outside resou

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
