Researchers Discover Reply URL Takeover Issue in Azure


Following the disclosure of a serious vulnerability in the Microsoft Power Platform, security experts are advising Azure Active Directory (AD) customers to keep an eye out for abandoned reply URLs. The reply URL takeover flaw, according to Secureworks, was found earlier in April and corrected by Microsoft in less than a day.

In an Azure AD application connected to the low-code Power Platform, the researchers had discovered a reply URL address that had been abandoned.x000D The URL could be used by attackers to exchange authorization codes for access tokens by rerouting them to themselves. According to Secureworks, the threat actor may then use a middle-tier service to access the Power Platform API and gain higher rights.

Read More…