According to the Semperis research team, the vulnerability lay in how Entra ID enforced OAuth 2.0 scopes (the permissions a token carries), which let attackers perform actions beyond what those permissions should have allowed. The most concerning finding was the ability to add and remove users from privileged roles, including the Global Administrator role.
The researchers found that select Microsoft application service principals could perform actions that were not among the permissions they had been granted.
An attacker able to act as one of those service principals could therefore carry out privileged operations, such as adding a user to the Global Administrator role, without holding any permission that visibly allowed it.
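Whatever the scope-enforcement bug, the observable effect in a tenant is a privileged-role membership change initiated by an application identity rather than a person, so that is the event a defender should alert on. The following detection is an added example and is not code from the article or from the Semperis research: it assumes audit entries shaped like the Microsoft Graph `directoryAudits` resource (`activityDisplayName`, `initiatedBy.app` / `initiatedBy.user`, `targetResources[].modifiedProperties` with `Role.DisplayName`), and the three sample records, the role list and the app name `Example Sync App` are constructed for the demonstration.

```python
"""Flag privileged-role membership changes made by an application identity.

Added example, not part of the article or of the Semperis research. The sample
records are constructed to approximate Microsoft Graph directoryAudit entries
(auditLogs/directoryAudits); field names follow that resource, values are invented.
"""
from __future__ import annotations
from typing import Iterable

# Assumption: the roles this tenant treats as tier-0. Extend for your environment.
PRIVILEGED_ROLES = {
    "Global Administrator",
    "Privileged Role Administrator",
    "Privileged Authentication Administrator",
}

# Activity names Entra ID records for role membership changes.
ROLE_CHANGE_ACTIVITIES = {"Add member to role", "Remove member from role",
                          "Add eligible member to role"}


def target_role(entry: dict) -> str | None:
    """Return the role named in the entry's modified properties, if any."""
    for target in entry.get("targetResources", []):
        for prop in target.get("modifiedProperties", []):
            if prop.get("displayName") == "Role.DisplayName":
                # Graph serialises newValue as a JSON string literal, e.g. '"Global Administrator"'.
                return (prop.get("newValue") or "").strip('"')
    return None


def initiator(entry: dict) -> tuple[str, str]:
    """Return (kind, name): 'app' for a service principal, 'user' for a person."""
    by = entry.get("initiatedBy") or {}
    if by.get("app"):
        app = by["app"]
        return "app", app.get("displayName") or app.get("servicePrincipalId") or "?"
    if by.get("user"):
        return "user", by["user"].get("userPrincipalName") or "?"
    return "unknown", "?"


def flag_app_initiated_role_changes(entries: Iterable[dict]) -> list[dict]:
    """One finding per privileged-role change initiated by an application.

    A service principal writing Global Administrator membership is the action the
    Semperis finding describes, so it merits review regardless of which
    permissions the app appears to hold.
    """
    findings = []
    for entry in entries:
        if entry.get("activityDisplayName") not in ROLE_CHANGE_ACTIVITIES:
            continue
        role = target_role(entry)
        if role not in PRIVILEGED_ROLES:
            continue
        kind, name = initiator(entry)
        if kind != "app":
            continue
        targets = [t.get("userPrincipalName") or t.get("id")
                   for t in entry.get("targetResources", [])]
        findings.append({"time": entry.get("activityDateTime"), "role": role,
                         "activity": entry["activityDisplayName"],
                         "app": name, "targets": targets})
    return findings


def _entry(when: str, by: dict, upn: str, role: str) -> dict:
    """Build one constructed audit record in the shape described above."""
    return {"activityDateTime": when, "activityDisplayName": "Add member to role",
            "initiatedBy": by,
            "targetResources": [{"type": "User", "userPrincipalName": upn,
                                 "modifiedProperties": [{"displayName": "Role.DisplayName",
                                                         "oldValue": None,
                                                         "newValue": f'"{role}"'}]}]}


# Constructed sample: only the second record should be flagged.
SAMPLE_AUDIT_LOG = [
    # a human admin adding a GA: goes through the normal change process
    _entry("2025-09-01T08:00:00Z", {"user": {"userPrincipalName": "admin@contoso.example"}},
           "alice@contoso.example", "Global Administrator"),
    # a service principal adding a GA: the pattern to alert on
    _entry("2025-09-01T08:05:00Z", {"app": {"displayName": "Example Sync App",
                                             "servicePrincipalId": "00000000-0000-0000-0000-000000000001"}},
           "mallory@contoso.example", "Global Administrator"),
    # a service principal adding a low-privilege role: out of scope for this rule
    _entry("2025-09-01T08:10:00Z", {"app": {"displayName": "Example Sync App"}},
           "bob@contoso.example", "Directory Readers"),
]

if __name__ == "__main__":
    for f in flag_app_initiated_role_changes(SAMPLE_AUDIT_LOG):
        print(f"{f['time']} {f['app']!r} {f['activity']} -> {f['role']} for {f['targets']}")
```

In a live tenant the same function can be fed the JSON returned by `GET /v1.0/auditLogs/directoryAudits?$filter=activityDisplayName eq 'Add member to role'`; the point of keying on `initiatedBy.app` rather than on the app's declared permissions is that the Semperis finding is precisely the case where declared permissions did not predict what the service principal could do.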