Azure AD B2C cryptographic flaw allowing account compromise
Feb. 15, 2023, midnight | The Open Cloud Vulnerability & Security Issue Database (www.cloudvulndb.org)
This cryptographic flaw could have allowed an unauthenticated attacker to craft an OAuth refresh token for any AD B2C user account if they knew their public key.
Moreover, every AD B2C user's public key was recoverable through an unrelated vulnerability (though RSA encryption should not rely on public key secrecy regardless).
An attacker could redeem this …