all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD

Add to bookmarks
c
Aug. 8, 2023, 4:43 p.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Obsidian Security.In several recent investigations of SaaS security incidents, the Obsidian threat research team identified a novel attack vector in the wild: abuse of the Azure AD self-service password reset (SSPR) feature.With the glaring lack of coverage around this specific threat vector, our team felt it would be an important topic for discussion. In this blog, we’ll explore the self-service password reset technique in more detail, share some firsthand examples fr...

abuse attack attack vector azure azure ad breach feature incidents investigations novel obsidian obsidian security password password reset research reset saas saas security security service team threat threat research threat vector

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
DevSecOps Tools 3 days, 22 hours ago | cloudsecurityalliance.org
code code management development devops +18
Cl
AI Hallucinations: The Emerging Market for Insuring Against Generative AI's Costly Blunders 5 days, 19 hours ago | cloudsecurityalliance.org
ai governance ai hallucinations blog chair +16
Cl
Why Business Risk Should be Your Guiding North Star for Remediation 5 days, 20 hours ago | cloudsecurityalliance.org
adoption agile attack attack surface +19
Cl
Upselling Cybersecurity: Why Baseline Security Features Shouldn’t Be a Commodity 5 days, 20 hours ago | cloudsecurityalliance.org
accountability advisory barr advisory consulting +23
Cl
Breach Debrief: The Fake Slackbot 1 week, 2 days ago | cloudsecurityalliance.org
abusing adaptive shield breach design +15
Cl
Understanding the Nuances: Privacy and Confidentiality 1 week, 2 days ago | cloudsecurityalliance.org
age american businesses clients +19
Cl
What’s in a Name? Defining Zero Trust for Leaders 1 week, 2 days ago | cloudsecurityalliance.org
analyst board business concept +17
Cl
Are You Ready for Microsoft Copilot? 1 week, 2 days ago | cloudsecurityalliance.org
ai chatbot chatbot copilot customers +13
Cl
Implementing a Data-Centric Approach to Security 1 week, 2 days ago | cloudsecurityalliance.org
access access governance can cto +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Network Security Engineer

@ Meta | Menlo Park, CA | Remote, US
View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Washington, DC
View on infosec-jobs.com

Threat Investigator- Security Analyst

@ Meta | Menlo Park, CA | Seattle, WA | Washington, DC
View on infosec-jobs.com

Security Operations Engineer II

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Bug Bounty -- Associate -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs