Microsoft Azure AD flaw can lead to account takeover
Malware Analysis, News and Indicators - Latest topics malware.news
Researchers have found that a flaw in Microsoft Azure AD can be used by attackers to take over accounts that rely on pre-established trust.
In a nutshell, Microsoft Azure AD allows you to change the email address associated with an account without verifying that you control that email address. And in Microsoft Azure AD OAuth applications, that email address can be used as a unique identifier.
So, how can this be used in an account takeover? …
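Seen from the relying application's side, the weak point is the account lookup key. The sketch below is an added example, not code from the article or from Microsoft: it contrasts a lookup keyed on the `email` claim with one keyed on the issuer and subject pair. The account table, issuer URLs, subject values and function names are all constructed, and keying on `iss` plus `sub` is an assumption about how an application would harden the lookup.

```python
from typing import Optional

# Constructed sample data: one local account, linked to the identity that
# originally signed up. Claims are assumed to come from an ID token whose
# signature, audience and expiry were already validated.
ACCOUNTS = {
    1: {
        "email": "alice@example.com",
        "identity": ("https://idp.example/tenant-a/v2.0", "sub-alice-001"),
    },
}


def resolve_by_email(claims: dict) -> Optional[int]:
    """Weak pattern: the mutable, unverified email claim is the lookup key."""
    email = claims.get("email", "").lower()
    for account_id, account in ACCOUNTS.items():
        if account["email"] == email:
            return account_id
    return None


def resolve_by_subject(claims: dict) -> Optional[int]:
    """Hardened pattern: match only on the (issuer, subject) pair."""
    identity = (claims.get("iss"), claims.get("sub"))
    if None in identity:
        return None
    for account_id, account in ACCOUNTS.items():
        if account["identity"] == identity:
            return account_id
    return None  # deliberately no fallback to an email match


# Constructed claim sets: the original sign-in, and a token from a different
# tenant whose directory entry carries the same email address.
LEGITIMATE = {"iss": "https://idp.example/tenant-a/v2.0",
              "sub": "sub-alice-001", "email": "alice@example.com"}
FOREIGN_TENANT = {"iss": "https://idp.example/tenant-b/v2.0",
                  "sub": "sub-other-777", "email": "alice@example.com"}

if __name__ == "__main__":
    for label, claims in (("legitimate", LEGITIMATE), ("foreign", FOREIGN_TENANT)):
        print(label, resolve_by_email(claims), resolve_by_subject(claims))
```

The email-keyed lookup maps both tokens to the same local account, while the subject-keyed lookup only accepts the identity that was linked at sign-up and keeps working if that user's email address later changes.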