all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover

Add to bookmarks
June 21, 2023, 11:38 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said.
California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth.
"nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD

access access management account account takeover active directory april authentication authorization azure azure active directory azure ad california critical directory exploited flaw identity identity and access identity and access management implementation issue management microsoft microsoft azure microsoft azure ad noauth oauth process researchers security service takeover

Visit resource

More from thehackernews.com / The Hacker News

The Fundamentals of Cloud Security Stress Testing an hour ago | thehackernews.com
assets attackers cloud cloud security +17
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version an hour ago | thehackernews.com
aim analysis anti-analysis bypass +19
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites 5 hours ago | thehackernews.com
accounts actively exploited admin bogus +25
Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator 20 hours ago | thehackernews.com
addition administrator agency crime +17
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data 23 hours ago | thehackernews.com
academia access activists apt42 +32
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion 23 hours ago | thehackernews.com
attack back china china-linked hackers +16
New Case Study: The Malicious Comment 1 day, 1 hour ago | thehackernews.com
case code comments discover +12
Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever) 1 day, 2 hours ago | thehackernews.com
2fa 2-step verification 2sv accounts +18
Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering 1 day, 3 hours ago | thehackernews.com
alexander vinnik august btc btc-e +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Network Security Analyst

@ Wiz | Tel Aviv
View on infosec-jobs.com

Penetration Testing Staff Engineer- Turkey Remote

@ SonicWall | Istanbul, Istanbul, Türkiye
View on infosec-jobs.com

Physical Security Engineer

@ Microsoft | Atlanta, Georgia, United States
View on infosec-jobs.com

Junior Security Consultant (m/w/d)

@ Deutsche Telekom | Berlin, Deutschland
View on infosec-jobs.com

Senior Cybersecurity Product Specialist - Security Endpoint Protection

@ Pacific Gas and Electric Company | San Ramon, CA, US, 94583
View on infosec-jobs.com

Security Engineer, Pre-Sales (PA/NJ)

@ Vectra | US - South New Jersey, US - Pennsylvania
View on infosec-jobs.com
View more jobs