Researchers Discover Reply URL Takeover Issue in Azure

Following the disclosure of a serious vulnerability in the Microsoft Power Platform, security experts are advising Azure Active Directory (AD) customers to keep an eye out for abandoned reply URLs. The reply URL takeover flaw, according to Secureworks, was found earlier in April and corrected by Microsoft in less than a day.

In an Azure AD application connected to the low-code Power Platform, the researchers had discovered a reply URL address that had been abandoned.x000D The URL could be used by attackers to exchange authorization codes for access tokens by rerouting them to themselves. According to Secureworks, the threat actor may then use a middle-tier service to access the Power Platform API and gain higher rights.

Researchers Discover Reply URL Takeover Issue in Azure

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Researchers Discover Reply URL Takeover Issue in Azure

25-Aug-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address