all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD

Add to bookmarks
c
Aug. 8, 2023, 4:43 p.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Obsidian Security.In several recent investigations of SaaS security incidents, the Obsidian threat research team identified a novel attack vector in the wild: abuse of the Azure AD self-service password reset (SSPR) feature.With the glaring lack of coverage around this specific threat vector, our team felt it would be an important topic for discussion. In this blog, we’ll explore the self-service password reset technique in more detail, share some firsthand examples fr...

abuse attack attack vector azure azure ad breach feature incidents investigations novel obsidian obsidian security password password reset research reset saas saas security security service team threat threat research threat vector

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
The Path to SOC 2 Compliance for Startups 2 days, 13 hours ago | cloudsecurityalliance.org
business can challenges companies +16
Cl
Learn How to Navigate Ransomware Attacks in a Digital World 4 days, 9 hours ago | cloudsecurityalliance.org
attacks businesses computer digital +16
Cl
What are the ISO 9001 Requirements? 1 week, 1 day ago | cloudsecurityalliance.org
certification compliance context evaluation +16
Cl
What is Agile Compliance? | Continuous Monitoring for Enhanced Risk Reduction 1 week, 3 days ago | cloudsecurityalliance.org
agile amp best practices blog +32
Cl
Unlocking Trust in the Digital Age: The Power of Blockchain Technologies 1 week, 3 days ago | cloudsecurityalliance.org
age blockchain business communication +20
Cl
Level Up Your Security Strategy with Cyber Resilience 1 week, 4 days ago | cloudsecurityalliance.org
advisory barr advisory breach can +16
Cl
Mastering Least Privilege: Cutting Unused Access 1 week, 4 days ago | cloudsecurityalliance.org
access attack attack surface breaches +16
Cl
How Cybersecurity and AI Will Influence Global Elections in 2024 1 week, 4 days ago | cloudsecurityalliance.org
advocacy artificial artificial intelligence big +20
Cl
Mastering Secure DevOps with Six Key Strategies 1 week, 5 days ago | cloudsecurityalliance.org
addresses applications attacks breaches +24

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com