This Microsoft Entra ID Vulnerability Could Have Been Catastrophic


Security researcher Dirk-jan Mollema discovered two vulnerabilities in Microsoft's Entra ID identity platform that could have granted attackers administrative access to virtually all Azure customer accounts worldwide. The flaws involved legacy authentication systems -- Actor Tokens issued by Azure's Access Control Service and a validation failure in the retiring Azure Active Directory Graph API. Mollema reported the vulnerabilities to Microsoft on July 14. The vulnerabilities would have allowed attackers to impersonate any user across any Azure tenant and access all Microsoft services using Entra ID authentication.

Read this on Slashdot
