Technical Advisory – Azure B2C – Crypto Misuse and Account Compromise | allinfosecnews.com

Feb. 15, 2023, 3:01 p.m. | emmaline

Blog - Praetorian www.praetorian.com

Microsoft’s Azure Active Directory B2C service contained a cryptographic flaw which allowed an attacker to craft an OAuth refresh token with the contents for any user account. An attacker could redeem this refresh token for a session token, thereby gaining access to a victim account as if the attacker had logged in through a legitimate […]

The post Technical Advisory – Azure B2C – Crypto Misuse and Account Compromise appeared first on Praetorian.

access account account compromise active directory advisory authorization azure azure active directory b2c cloud security compromise crypto cryptography directory flaw microsoft oauth oauth refresh token refresh token service session technical token victim

More from www.praetorian.com / Blog - Praetorian

MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 1 month, 4 weeks ago | www.praetorian.com

article can cross-site cswsh +17

Exploiting Kubernetes through Operator Injection 2 months, 1 week ago | www.praetorian.com

application applications attack attackers +20

Relution Remote Code Execution via Java Deserialization Vulnerability 2 months, 3 weeks ago | www.praetorian.com

application article can clients +26

Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 3 months, 1 week ago | www.praetorian.com

attack cd security ci compromise +5

Understanding the Impact of the new Apache Struts File Upload Vulnerability 4 months, 1 week ago | www.praetorian.com

abuse apache apache struts bug +23

SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 4 months, 2 weeks ago | www.praetorian.com

authentication authentication bypass bypass code +19

Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 4 months, 2 weeks ago | www.praetorian.com

analysis application code code execution +17

Why Azure B2C ROPC Custom Flows Are Inherently Insecure 4 months, 4 weeks ago | www.praetorian.com

active directory administrators api authentication +23

Nosey Parker’s Ongoing Machine Learning Development 5 months, 1 week ago | www.praetorian.com

blog blog post code data +23

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Cyber Security Cloud Solution Architect

@ Microsoft | London, London, United Kingdom

View on infosec-jobs.com

Compliance Program Analyst

@ SailPoint | United States

View on infosec-jobs.com

Software Engineer III, Infrastructure, Google Cloud Security and Privacy

@ Google | Sunnyvale, CA, USA

View on infosec-jobs.com

Cryptography Expert

@ Raiffeisen Bank Ukraine | Kyiv, Kyiv city, Ukraine

View on infosec-jobs.com

Senior Cyber Intelligence Planner (15.09)

@ OCT Consulting, LLC | Washington, District of Columbia, United States

View on infosec-jobs.com