Ongoing Risk of nOAuth Vulnerability in Microsoft Entra SaaS Apps
Research reveals that 9% of Microsoft Entra SaaS apps remain vulnerable to nOAuth abuse, a security flaw in OpenID Connect implementation that can lead to account hijacking and data breaches, despite being disclosed two years ago. The vulnerability exploits cross-tenant access and unverified emails, with Microsoft urging developers to properly implement authentication measures to prevent exploitation.