all InfoSec news
Azure AD B2C cryptographic flaw allowing account compromise
Feb. 15, 2023, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
This cryptographic flaw could have allowed an unauthenticated attacker to craft an OAuth refresh token for any AD B2C user account if they knew their public key.
Moreover, every AD B2C user's public key was recoverable through an unrelated vulnerability (though RSA encryption should not rely on public key secrecy regardless).
An attacker could redeem this …
account account compromise active directory azure azure active directory azure ad b2c compromise directory encryption flaw key oauth oauth refresh token private public public key refresh token rsa rsa encryption service the key token vulnerability
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
AWS Amplify IAM role publicly assumable exposure
1 month, 2 weeks ago |
www.cloudvulndb.org
AWS Glue database password leakage
1 month, 3 weeks ago |
www.cloudvulndb.org
Synapse Analytics privilege escalation via intelligent caching
2 months, 3 weeks ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
3 months, 2 weeks ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
3 months, 3 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Security Compliance Strategist
@ Grab | Petaling Jaya, Malaysia
Cloud Security Architect, Lead
@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)