Advertisement
Top
image credit: Pxhere

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

August 28, 2023

Via: The Hacker News
Category:

Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL.

“An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens,” Secureworks Counter Threat Unit (CTU) said in a technical report published last week.

“The threat actor could then call Power Platform API via a middle-tier service and obtain elevated privileges.”

Read More on The Hacker News

RELATED PUBLICATIONS

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
Ransomware evolves from mere extortion to ‘psychological attacks’

Latest Publications

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
Ransomware evolves from mere extortion to ‘psychological attacks’
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!