Critical nOAuth Flaw in Microsoft Azure AD Enabled Complete Account Takeover

According to researchers, a security flaw in the Open Authorization (OAuth) procedure used by Microsoft Azure Active Directory (AD) might have been used to completely take control of an account. The problem, known as nOAuth, was found and reported in April 2023 by the California-based identity and access management provider Descope.

According to Omer Cohen, chief security officer at Descope, nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD multi-tenant OAuth applications.x000D The configuration error relates to how a malicious actor can alter email properties under Contact Information in the Azure AD account and use the Log in with Microsoft feature to hijack a victim account.

Critical nOAuth Flaw in Microsoft Azure AD Enabled Complete Account Takeover

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Critical nOAuth Flaw in Microsoft Azure AD Enabled Complete Account Takeover

21-Jun-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address