all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Why Azure B2C ROPC Custom Flows Are Inherently Insecure

Add to bookmarks
Nov. 28, 2023, 2:03 p.m. | Emmaline

Blog - Praetorian www.praetorian.com

Microsoft’s Azure Active Directory B2C service allows cloud administrators to define custom policies, which orchestrates trust between principals using standard authentication protocols. One such custom policy that B2C defines by default is the Resource Owner Password Credentials (ROPC) flow, which implements the OAuth standard authentication flow of the same name and allows users to simply […]


The post Why Azure B2C ROPC Custom Flows Are Inherently Insecure appeared first on Praetorian.

active directory administrators api authentication authentication protocols azure azure active directory b2c cloud cloud security credentials default directory flow insecure microsoft name oauth password policies policy protocols resource service standard tools & techniques trust

Visit resource

More from www.praetorian.com / Blog - Praetorian

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 14 hours ago | www.praetorian.com
ant application customers cve +21
MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 1 month, 4 weeks ago | www.praetorian.com
article can cross-site cswsh +17
Exploiting Kubernetes through Operator Injection 2 months, 1 week ago | www.praetorian.com
application applications attack attackers +20
Relution Remote Code Execution via Java Deserialization Vulnerability 2 months, 3 weeks ago | www.praetorian.com
application article can clients +26
Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 3 months, 1 week ago | www.praetorian.com
attack cd security ci compromise +5
Understanding the Impact of the new Apache Struts File Upload Vulnerability 4 months, 2 weeks ago | www.praetorian.com
abuse apache apache struts bug +23
SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 4 months, 2 weeks ago | www.praetorian.com
authentication authentication bypass bypass code +19
Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 4 months, 3 weeks ago | www.praetorian.com
analysis application code code execution +17
Why Azure B2C ROPC Custom Flows Are Inherently Insecure 4 months, 4 weeks ago | www.praetorian.com
active directory administrators api authentication +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Data & Security Engineer Lead

@ LiquidX | Singapore, Central Singapore, Singapore
View on infosec-jobs.com

IT and Cyber Risk Control Lead

@ GXS Bank | Singapore - OneNorth
View on infosec-jobs.com

Consultant Senior en Gestion de Crise Cyber et Continuité d’Activité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Cyber Security Analyst (Weekend 1st Shift)

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com

Senior Manager, Cybersecurity

@ BlueTriton Brands | Stamford, CT, US
View on infosec-jobs.com
View more jobs