VoidWhisperer 4 days ago

I feel like I remember a similar attack related to Entra ID from a while ago, although I can't remember exactly what it was (maybe [0] or [1]?). I understand that this is a complex system, but I would be concerned with the number of relatively high severity vulnerabilities being found in it.

[0]: https://securitylabs.datadoghq.com/articles/i-spy-escalating...
[1]: https://www.semperis.com/blog/unoauthorized-privilege-elevat...

mindcrash 4 days ago | parent [-]

You could get into Microsoft's tenant with any Entra account.

That's because Microsoft's own fucking developers don't even understand how Entra authentication/authorization works, and that in some/most scenarios you'll need to check if an account is actually authorized to enter a protected resource post-login (which you need to do within the OAuth login flow in the resource being accessed, nobody will do it for you).

Something I already discovered by accident (and fixed, of course!) in my own SaaS service at the time (with support for Entra B2B authentication) even before this researcher discovered the same at Microsoft:

https://research.eye.security/consent-and-compromise/

HN discussion thread: https://news.ycombinator.com/item?id=44850681
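The post-login check mindcrash describes, as an added example that is not the commenter's code: after the token signature has been verified, the resource itself must confirm that the token comes from a tenant it actually admits and was issued for this app, rather than trusting any Entra login. The tenant IDs, client ID and sample claims are constructed placeholders.

```python
# Added example: tenant allow-list check for a multi-tenant Entra ID app.
# Assumes the token's signature has ALREADY been verified against Entra's JWKS
# (e.g. with PyJWT); this function only covers the authorization step that the
# login flow does not do for you. Claim names (tid, iss, aud) are the standard
# Entra ID token claims; the IDs below are constructed placeholders.

ALLOWED_TENANTS = {"11111111-1111-1111-1111-111111111111"}  # constructed
APP_CLIENT_ID = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"      # constructed


def is_authorized(claims: dict,
                  allowed_tenants=ALLOWED_TENANTS,
                  client_id=APP_CLIENT_ID) -> bool:
    """Return True only if the (signature-verified) token belongs to an
    admitted tenant, was issued for this application, and its issuer names
    the same tenant as its tid claim."""
    tid = claims.get("tid")
    iss = claims.get("iss")
    aud = claims.get("aud")

    # A valid signature from *some* Entra tenant is not authorization:
    # reject anything not explicitly on the allow-list.
    if not tid or not iss or tid not in allowed_tenants:
        return False

    # The token must have been minted for this app, not for another client.
    if aud != client_id:
        return False

    # iss and tid must agree, so a token whose tid was accepted cannot carry
    # an issuer from a different tenant. Both the v2.0 and the older v1.0
    # issuer formats are accepted here.
    expected_issuers = {
        f"https://login.microsoftonline.com/{tid}/v2.0",
        f"https://sts.windows.net/{tid}/",
    }
    return iss in expected_issuers


def demo() -> bool:
    # Constructed claims from an admitted tenant, as a minimal smoke test.
    claims = {
        "tid": "11111111-1111-1111-1111-111111111111",
        "iss": "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0",
        "aud": APP_CLIENT_ID,
    }
    return is_authorized(claims)
```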

VoidWhisperer 3 days ago | parent [-]

Ah yeah, that eye.security post was the one I had seen before. Thanks!