all InfoSec news
GraphNinja
April 29, 2024, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
The issue involved switching the 'common' authentication endpoint with that of an unrelated tenant,
thereby avoiding the appearance of logon attempts in the victim's logs.
This technique could allow attackers to validate user credentials through verbose error messages,
but actual successful logons using these credentials would still be recorded in the victims' logs (regardless of endpoint).
attackers attacks authentication credentials detection endpoint error graph issue logon logs messages microsoft password spray user credentials victim vulnerability
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
AWS Amplify IAM role publicly assumable exposure
1 month, 2 weeks ago |
www.cloudvulndb.org
AWS Glue database password leakage
1 month, 3 weeks ago |
www.cloudvulndb.org
Synapse Analytics privilege escalation via intelligent caching
2 months, 3 weeks ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
3 months, 2 weeks ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
3 months, 3 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC