Account Takeover Proof of Concept for 0Auth Security Flaw in Microsoft Azure Active Directory
Before publishing, Descope informed Microsoft, several “large vulnerable applications,” and two authentication platform providers of the issue and Microsoft has reportedly taken mitigating steps. Context On June 20, 2023, researchers at Descope reported the technical details of a security flaw in the Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process they dubbed “n0Auth.” According…
Read More
