all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Potential Risk of Privilege Escalation in Azure AD Applications

Add to bookmarks
June 20, 2023, 7 a.m. |

Microsoft Security Response Center msrc-blog.microsoft.com

Summary Summary Microsoft has developed mitigations for an insecure anti-pattern used in Azure AD (AAD) applications highlighted by Descope, and reported to Microsoft, where use of the email claim from access tokens for authorization can lead to an escalation of privilege. An attacker can falsify the email claim in tokens issued to applications.

aad access access tokens applications authorization azure azure ad claim email escalation insecure microsoft mitigations privilege privilege escalation risk tokens

Visit resource

More from msrc-blog.microsoft.com / Microsoft Security Response Center

Congratulations to the Top MSRC 2024 Q1 Security Researchers! 1 month, 2 weeks ago | msrc-blog.microsoft.com
check chen customers hard +13
Toward greater transparency: Adopting the CWE standard for Microsoft CVEs 1 month, 3 weeks ago | msrc-blog.microsoft.com
center communities current customers +20
Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team 1 month, 4 weeks ago | msrc-blog.microsoft.com
analysts banking collect curiosity +20
Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard 2 months, 3 weeks ago | msrc-blog.microsoft.com
actions actor attack blizzard +24
Faye’s Journey: From Security PM to Diversity Advocate at Microsoft 3 months ago | msrc-blog.microsoft.com
career deployment desktop desktops +9
Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and … 3 months ago | msrc-blog.microsoft.com
award awards bounty bug +16
From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin 3 months ago | msrc-blog.microsoft.com
adventures cybersecurity dream found +7
An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career … 3 months, 1 week ago | msrc-blog.microsoft.com
bruce career college dream +13
New Security Advisory Tab Added to the Microsoft Security Update Guide 3 months, 2 weeks ago | msrc-blog.microsoft.com
advisory customers feedback guide +16

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com