all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Why Azure B2C ROPC Custom Flows Are Inherently Insecure

Add to bookmarks
Nov. 28, 2023, 2:03 p.m. | Emmaline

Blog - Praetorian www.praetorian.com

Microsoft’s Azure Active Directory B2C service allows cloud administrators to define custom policies, which orchestrates trust between principals using standard authentication protocols. One such custom policy that B2C defines by default is the Resource Owner Password Credentials (ROPC) flow, which implements the OAuth standard authentication flow of the same name and allows users to simply […]


The post Why Azure B2C ROPC Custom Flows Are Inherently Insecure appeared first on Praetorian.

active directory administrators api authentication authentication protocols azure azure active directory b2c cloud cloud security credentials default directory flow insecure microsoft name oauth password policies policy protocols resource service standard tools & techniques trust

Visit resource

More from www.praetorian.com / Blog - Praetorian

Compromising ByteDance’s RSPack using GitHub Actions Vulnerabilities 1 day, 10 hours ago | www.praetorian.com
actions attacker bytedance bytedance rspack +16
Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 1 month ago | www.praetorian.com
ant application customers cve +21
MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 3 months ago | www.praetorian.com
article can cross-site cswsh +17
Exploiting Kubernetes through Operator Injection 3 months, 2 weeks ago | www.praetorian.com
application applications attack attackers +20
Relution Remote Code Execution via Java Deserialization Vulnerability 4 months ago | www.praetorian.com
application article can clients +26
Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 4 months, 2 weeks ago | www.praetorian.com
attack cd security ci compromise +5
Understanding the Impact of the new Apache Struts File Upload Vulnerability 5 months, 2 weeks ago | www.praetorian.com
abuse apache apache struts bug +23
SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 5 months, 3 weeks ago | www.praetorian.com
authentication authentication bypass bypass code +19
Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 5 months, 3 weeks ago | www.praetorian.com
analysis application code code execution +17

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com