The Cyber Security News
Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

August 28, 2023

Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application that takes advantage of an abandoned reply URL.

“An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens,” Secureworks Counter Threat Unit (CTU) said in a technical report published last week.

“The threat actor could then call Power Platform API via a middle-tier service and obtain elevated privileges.”


Following responsible disclosure on April 5, 2023, the issue was addressed by Microsoft via an update released a day later. Secureworks has also made available an open-source tool that other organizations can use to scan for abandoned reply URLs.


Reply URL, also called redirect URI, refers to the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.

“The authorization server sends the code or token to the redirect URI, so it's important you register the correct location as part of the app registration process,” Microsoft notes in its documentation.
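The defensive check implied above, as an added example that is not the Secureworks scanner or Microsoft's code: it walks a constructed list of app registrations and flags reply URLs whose hostname no longer resolves (the abandoned reply URL condition the article describes), plus cleartext entries that are not loopback. The app IDs, hostnames and the in-memory DNS table are all constructed; the resolver is injectable so the check runs offline.

```python
"""Flag app-registration reply URLs an attacker could plausibly take over.

Added example (not Secureworks' tool). A reply URL whose hostname has no DNS
answer is the "abandoned" pattern: the app still trusts it, but nobody owns it.
"""
import socket
from dataclasses import dataclass, field
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


@dataclass
class AppRegistration:
    app_id: str                      # application (client) ID; placeholders below
    display_name: str
    reply_urls: List[str] = field(default_factory=list)


def host_resolves(hostname: str) -> bool:
    """Default resolver: True when DNS returns at least one address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False


def find_risky_reply_urls(apps: List[AppRegistration],
                          resolves: Callable[[str], bool] = host_resolves
                          ) -> List[Tuple[str, str, str]]:
    """Return (app_id, reply_url, reason) for each reply URL worth reviewing."""
    findings = []
    for app in apps:
        for url in app.reply_urls:
            parts = urlsplit(url)
            host = parts.hostname or ""          # already lower-cased by urlsplit
            if not host:
                findings.append((app.app_id, url, "no hostname"))
                continue
            if host in LOOPBACK_HOSTS:
                continue                          # native-app loopback, nothing to claim
            if parts.scheme != "https":
                findings.append((app.app_id, url, "cleartext scheme"))
            if not resolves(host):
                findings.append((app.app_id, url, "hostname does not resolve"))
    return findings


# Constructed sample data: two registrations, one with a dangling Traffic Manager name.
CONSTRUCTED_APPS = [
    AppRegistration("00000000-0000-0000-0000-000000000001", "Web App",
                    ["https://app.example.com/signin-oidc"]),
    AppRegistration("00000000-0000-0000-0000-000000000002", "Legacy Integration",
                    ["https://legacy-integration.trafficmanager.net/callback",
                     "http://localhost:5000/callback"]),
]
CONSTRUCTED_DNS = {"app.example.com"}            # the only host that "resolves" offline
```

In a real tenant the input would be each registration's `web.redirectUris` (and `spa`/`publicClient` equivalents) read from the Microsoft Graph `application` resource, with the default DNS-backed resolver.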

Secureworks CTU said it discovered an abandoned Dynamics Data Integration app reply URL associated with an Azure Traffic Manager profile that made it possible to invoke the Power Platform API via a middle-tier service and tamper with environment configurations.


In a hypothetical attack scenario, this could have been used to obtain the system administrator role for an existing service principal and send requests to delete an environment, as well as to abuse the Azure AD Graph API to gather information about the target in order to stage follow-on activities.

This, however, depends on a victim clicking a malicious link, as a result of which the authorization code issued by Microsoft Entra ID upon login is sent to a redirect URL hijacked by the threat actor.


The disclosure comes as Kroll revealed an uptick in DocuSign-themed phishing campaigns using open redirects, enabling adversaries to propagate specially crafted URLs that, when clicked, redirect potential victims to a malicious site.

“By crafting a deceptive URL that leverages a trusted website, malicious actors can more easily manipulate users into clicking the link, as well as deceiving/bypassing network technology that scans links for malicious content,” Kroll's George Glass said.

“This results in a victim being redirected to a malicious website designed to steal sensitive information, such as login credentials, credit card details or personal data.”



Some parts of this article are sourced from: thehackernews.com


Copyright © TheCyberSecurity.News, All Rights Reserved.