Tag

Microsoft Entra ID

All articles tagged with #microsoft entra id

technology | 3 months ago

Microsoft Patches Critical Entra ID Flaw Enabling Tenant Impersonation

Microsoft patched a critical security flaw in Entra ID (formerly Azure AD) that could have allowed attackers to impersonate any user, including Global Admins, across tenants by exploiting a token validation failure. The vulnerability, which was addressed in July 2025, involved legacy API issues and could bypass MFA and logging, posing a significant threat to tenant security. No evidence of exploitation has been reported, but the flaw highlights risks associated with legacy API dependencies and cloud misconfigurations.

technology | 3 months ago

Critical Microsoft Entra ID Flaw Poses Global Security Risk

A critical security flaw in Microsoft Entra ID, involving undocumented 'actor tokens' and a vulnerability in the Azure AD Graph API, could have allowed attackers to hijack any company's tenant and gain full administrative access without detection. The issue was discovered by security researcher Dirk-jan Mollema and has since been patched by Microsoft.

saas-security | 6 months ago

Ongoing Risk of nOAuth Vulnerability in Microsoft Entra SaaS Apps

Research reveals that 9% of Microsoft Entra SaaS apps remain vulnerable to nOAuth abuse, a security flaw in OpenID Connect implementations that can lead to account hijacking and data breaches, even though it was disclosed two years ago. The vulnerability exploits cross-tenant access and unverified emails, with Microsoft urging developers to properly implement authentication measures to prevent exploitation.