Ongoing Risk of nOAuth Vulnerability in Microsoft Entra SaaS Apps

TL;DR Summary
Research reveals that 9% of Microsoft Entra SaaS apps remain vulnerable to nOAuth abuse, a flaw in how those apps implement OpenID Connect that can lead to account hijacking and data breaches, despite the issue having been disclosed two years ago. The attack abuses cross-tenant access and unverified email claims; Microsoft urges developers to implement authentication correctly so that the weakness cannot be exploited.
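The flaw comes down to one account-linking decision in the relying party. The example below is added here and is not code from the article, from Semperis, or from Microsoft: it contrasts the weak pattern (matching a signed-in Entra account to a local user by the `email` claim alone) with a hardened pattern (matching on the immutable `oid` + `tid` pair and trusting `email` for first-time linking only when the `xms_edov` claim says the domain owner was verified). The user store, token payloads, tenant ids and object ids are constructed for illustration; `xms_edov` is an optional claim that must be enabled in the app registration for it to appear in tokens.

```python
# Added example (not from the article): account linking from an Entra ID /
# OIDC ID-token payload. Two functions do the same job; only the hardened
# one resists a token minted by a different tenant carrying the same email.
# USER_STORE and the *_TOKEN payloads are constructed sample data.

from dataclasses import dataclass
from typing import Optional, Set

@dataclass
class User:
    email: str
    oid: Optional[str] = None   # Entra object id of the linked account
    tid: Optional[str] = None   # Entra tenant id the account came from
    linked: bool = False        # True once an (oid, tid) pair is bound

# Constructed store: one existing customer account, never linked to Entra yet.
USER_STORE = {
    "alice@victim.example": User(email="alice@victim.example"),
}

class LoginRejected(Exception):
    pass

def login_vulnerable(claims: dict) -> User:
    """Weak pattern: any issued token whose `email` claim matches a local
    user is treated as that user, whatever tenant issued it."""
    email = claims.get("email")
    user = USER_STORE.get(email) if email else None
    if user is None:
        raise LoginRejected("unknown user")
    return user

def login_hardened(claims: dict, allowed_tenants: Optional[Set[str]] = None) -> User:
    """Hardened pattern: identify accounts by (tid, oid); optionally restrict
    tenants; treat `email` as informational unless the issuer verified it."""
    oid, tid = claims.get("oid"), claims.get("tid")
    if not oid or not tid:
        raise LoginRejected("missing oid/tid claims")
    if allowed_tenants is not None and tid not in allowed_tenants:
        raise LoginRejected("tenant not allowed")
    # 1. Already-linked account: match on the stable pair, never on email.
    for user in USER_STORE.values():
        if user.linked and user.oid == oid and user.tid == tid:
            return user
    # 2. First login: link by email only when domain ownership is verified.
    email = claims.get("email")
    if email and claims.get("xms_edov") is True and email in USER_STORE:
        user = USER_STORE[email]
        user.oid, user.tid, user.linked = oid, tid, True
        return user
    raise LoginRejected("no linked account and email claim not trusted")

def accepts(login_fn, claims: dict, **kwargs) -> bool:
    """Return True if the login function yields a user, False if it rejects."""
    try:
        login_fn(claims, **kwargs)
        return True
    except LoginRejected:
        return False

# Constructed token payloads (signature validation is assumed to have run).
LEGIT_TOKEN = {            # issued by the victim's own tenant, domain verified
    "oid": "11111111-aaaa-4bbb-8ccc-000000000001",
    "tid": "tenant-victim", "email": "alice@victim.example", "xms_edov": True,
}
LEGIT_NO_EDOV = {          # same user, but the app did not request xms_edov
    "oid": "11111111-aaaa-4bbb-8ccc-000000000001",
    "tid": "tenant-victim", "email": "alice@victim.example",
}
ATTACKER_TOKEN = {         # another tenant; its mail attribute set to the victim's email
    "oid": "22222222-dddd-4eee-8fff-000000000002",
    "tid": "tenant-other", "email": "alice@victim.example",
}

if __name__ == "__main__":
    print("vulnerable accepts cross-tenant token:", accepts(login_vulnerable, ATTACKER_TOKEN))
    print("hardened accepts cross-tenant token:  ", accepts(login_hardened, ATTACKER_TOKEN))
    print("hardened accepts verified owner:      ", accepts(login_hardened, LEGIT_TOKEN))
```

Run the block directly to see the two patterns side by side. The design choice worth noting is step ordering: once an account is bound to an `(oid, tid)` pair, the email claim is never consulted again, so a later token from the same user without `xms_edov` still works, while a token from any other tenant can only reach the email path, where the missing verification claim stops it.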
Topics: technology, account-takeover, microsoft-entra-id, noauth, openid-connect, saas-security, saas-vulnerabilities

Coverage:
- nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery (The Hacker News)
- nOAuth Lives On in Cloud App Logins Using Entra ID (BankInfoSecurity)
- Microsoft nOAuth Flaw Still Exposes SaaS Apps Two Years After Discovery (Infosecurity Magazine)
- Thousands of SaaS Apps Could Still Be Susceptible to nOAuth (SecurityWeek)
- Semperis Research Uncovers Ongoing Risk from nOAuth Vulnerability in Microsoft Entra ID, Affecting Enterprise SaaS Applications (PR Newswire)