In this way, attackers can take control of victims’ accounts and act on their behalf.
“The OAuth applications trust domains and sub-domains are not registered by Microsoft, so they can be registered by anyone (including an attacker). These apps are approved by default and are allowed to ask for ‘access_token’. The combination of these two factors makes it possible to produce an action with the user’s permissions – including gaining access to Azure resources, AD resources and more,” the CyberArk experts write.
What is OAuth?
OAuth is an authentication protocol that end users typically use to give a website or application access to their information held by another website, without handing over their passwords or other secrets to that website or application. Many companies rely on it so that users can share information and data about their accounts with third-party applications or websites.
“The protocol itself is well built and secured, but a wrong implementation or inappropriate usage and configuration can have a colossal impact. During the authorization process, the third-party company or application gets a token with specific permissions to take actions on behalf of the user to whom the token belongs,” the CyberArk researchers report.
The researchers found several Azure applications published by Microsoft that are vulnerable to this type of attack. If an attacker gains control of domains or URLs that Microsoft trusts, these applications let the attacker trick the victim's browser into automatically issuing access tokens that carry the victim's permissions.
Simple social engineering is enough: the attacker only needs the victim to click a link or visit a malicious website. In some cases the attack needs no user interaction at all, because a malicious website containing a hidden embedded page can trigger the token request automatically and capture the token from the user's account.
Such applications have an advantage over others: they are automatically approved in every Microsoft account and therefore need no user consent to obtain tokens. They cannot be removed through the approved-applications portal, and some are not displayed there at all.
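The weak point described above is an authorization server that trusts a whole family of domains as redirect targets while some of those hostnames are not actually registered. The Python script below is an added example for illustration, not CyberArk's code and not anything from Microsoft: it contrasts a loose, suffix-based redirect-URI check with an exact-match check, and then audits a constructed list of registered redirect URIs against a hypothetical inventory of hostnames the tenant really controls, which is the check that would surface a dangling, takeover-prone redirect host. Every URI, hostname and function name here is an assumption made up for the example.

```python
"""Added example: auditing OAuth redirect URIs for loose matching and unowned hosts.

Not the article's or CyberArk's code; all hosts and URIs below are constructed.
"""
from urllib.parse import urlsplit

# Constructed inventory for a hypothetical tenant (not Microsoft's real apps).
REGISTERED_REDIRECT_URIS = [
    "https://app.example.com/callback",
    "https://legacy.example.com/oauth/return",  # host no longer exists: takeover candidate
]
# Hostnames the tenant actually controls (what DNS / asset inventory reports).
OWNED_HOSTS = {"app.example.com", "www.example.com"}


def _normalize(uri):
    """Return (scheme, host, port, path, query) or None if unusable as a redirect target."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname or parts.fragment:
        return None
    try:
        port = parts.port if parts.port is not None else 443
    except ValueError:  # malformed port such as ":abc"
        return None
    path = parts.path or "/"
    if "/../" in path or path.endswith("/.."):  # path traversal in a redirect target
        return None
    return (parts.scheme, parts.hostname.lower(), port, path, parts.query)


def loose_redirect_allowed(redirect_uri, trusted_domains):
    """The weak pattern: accept any host that merely ends with a trusted domain string.

    Shown for contrast only. It accepts look-alike domains and any sub-domain,
    including ones nobody has registered yet.
    """
    host = (urlsplit(redirect_uri).hostname or "").lower()
    return any(host.endswith(domain) for domain in trusted_domains)


def strict_redirect_allowed(redirect_uri, registered_uris=REGISTERED_REDIRECT_URIS):
    """The safe pattern: scheme, host, port, path and query must match a registered URI exactly."""
    target = _normalize(redirect_uri)
    if target is None:
        return False
    return any(target == _normalize(registered) for registered in registered_uris)


def find_unowned_redirect_hosts(registered_uris=REGISTERED_REDIRECT_URIS, owned_hosts=OWNED_HOSTS):
    """Hosts that appear in registered redirect URIs but are absent from the asset inventory.

    Each result is a redirect target an attacker could register or claim; remove the
    URI from the app registration or reclaim the hostname.
    """
    hosts = set()
    for uri in registered_uris:
        normalized = _normalize(uri)
        if normalized is not None:
            hosts.add(normalized[1])
    return sorted(hosts - {h.lower() for h in owned_hosts})


if __name__ == "__main__":
    attacker_uri = "https://takeover.example.com/callback"  # constructed, unregistered sub-domain
    print("loose check accepts attacker host:", loose_redirect_allowed(attacker_uri, ["example.com"]))
    print("strict check accepts attacker host:", strict_redirect_allowed(attacker_uri))
    print("unowned redirect hosts to fix:", find_unowned_redirect_hosts())
```

The suffix check accepts both `takeover.example.com` and the look-alike `evil-example.com`, which is the class of mistake the research describes; the exact-match check rejects them, and the inventory diff reports `legacy.example.com` as a registered redirect host the tenant no longer owns.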
To mitigate risk and prevent these vulnerabilities, you can do the following:
CyberArk reported the vulnerability to Microsoft at the end of October, and the company fixed it three weeks later.