Researchers have found that a flaw in Microsoft Azure AD can be used by attackers to take over accounts that rely on pre-established trust. In a nutshell, Microsoft Azure AD allows you to change the email address associated with an account without verification of whether you are in control of that email address. And in Microsoft Azure AD OAuth applications that email address can be used as a unique identifier.

So, how can this be used in an account take-over? To understand how this flaw (dubbed nOAuth by the researchers) works, we need to take a few steps back and explain how OAuth works. OAuth (short for Open Authorization) is a standard authorization protocol.
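The identifier problem described above, shown as an added example that is not part of the original article: an application's account lookup keyed on the `email` claim, next to one keyed on the standard OpenID Connect `iss` and `sub` claims. The account store, function names and all claim values are constructed for illustration, and token signature validation is assumed to have already happened.

```python
# Added illustration: how a relying-party application maps already-validated
# ID-token claims to a local account. All values below are constructed samples.

ACCOUNTS_BY_EMAIL = {"alice@victim.example": "acct-alice"}
ACCOUNTS_BY_SUBJECT = {
    ("https://login.example/tenant-a/v2.0", "sub-alice-001"): "acct-alice",
}


def lookup_by_email(claims):
    """Weak pattern: uses a mutable, unverified attribute as the identity key."""
    return ACCOUNTS_BY_EMAIL.get(claims.get("email", "").lower())


def lookup_by_subject(claims):
    """Hardened pattern: keys on (iss, sub), which the account holder cannot edit."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if not iss or not sub:
        return None  # refuse to fall back to email when the stable key is missing
    return ACCOUNTS_BY_SUBJECT.get((iss, sub))


# Token for the legitimate account holder (constructed).
legit = {
    "iss": "https://login.example/tenant-a/v2.0",
    "sub": "sub-alice-001",
    "email": "alice@victim.example",
}

# Token for a different account whose email attribute was changed to the same
# address without any proof of control over it (constructed).
changed_email = {
    "iss": "https://login.example/tenant-b/v2.0",
    "sub": "sub-other-777",
    "email": "alice@victim.example",
}

if __name__ == "__main__":
    for name, token in (("legit", legit), ("changed_email", changed_email)):
        print(name, "email-keyed:", lookup_by_email(token),
              "| subject-keyed:", lookup_by_subject(token))
```

The email-keyed lookup resolves both tokens to the same local account, while the subject-keyed lookup only matches the token issued for the original account.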