    Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

By justmattg, August 29, 2023


    Aug 28, 2023THNVulnerability / Active Directory


Cybersecurity researchers have documented a privilege-escalation path in a Microsoft Entra ID (formerly Azure Active Directory) application that abuses an abandoned reply URL.

    “An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens,” Secureworks Counter Threat Unit (CTU) said in a technical report published last week.

    “The threat actor could then call Power Platform API via a middle-tier service and obtain elevated privileges.”

    Following responsible disclosure on April 5, 2023, the issue was addressed by Microsoft via an update released a day later. Secureworks has also made available an open-source tool that other organizations can use to scan for abandoned reply URLs.
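The following is an added example of the kind of check such a scanner performs; it is not Secureworks' tool and does not reproduce its logic. It consumes app registrations in the shape Microsoft Graph returns for GET /applications (web.redirectUris, spa.redirectUris, publicClient.redirectUris) and reports every reply URL whose hostname no longer resolves, which is the dangling-DNS condition that lets someone else claim the name. The DNS lookup is injected so the example runs offline against constructed data; the sample apps, the hostnames and the suffix list are all assumptions of the example.

```python
"""Find reply URLs whose hostnames no longer resolve (dangling DNS).

Added example, not Secureworks' scanner. Input matches the Microsoft Graph
/applications shape. Pass resolves=dns_resolves to check a real export.
"""
import socket
from urllib.parse import urlsplit

# Azure-managed DNS suffixes where a deleted resource's name can be re-created
# by any subscription, which is what makes a dangling reply URL hijackable.
# Illustrative list, not exhaustive.
RECLAIMABLE_SUFFIXES = (
    ".trafficmanager.net",
    ".azurewebsites.net",
    ".cloudapp.azure.com",
    ".azurefd.net",
)


def dns_resolves(host):
    """True if the name currently resolves to an address (needs network)."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def reply_url_hosts(apps):
    """Yield (appId, displayName, replyUrl, host) for every http(s) reply URL."""
    for app in apps:
        for section in ("web", "spa", "publicClient"):
            for uri in app.get(section, {}).get("redirectUris", []):
                parts = urlsplit(uri)
                if parts.scheme in ("http", "https") and parts.hostname:
                    yield app["appId"], app["displayName"], uri, parts.hostname.lower()


def find_abandoned_reply_urls(apps, resolves=dns_resolves):
    """Report reply URLs whose host does not resolve. `reclaimable` marks hosts
    under a suffix where the name can simply be re-created by anyone."""
    findings = []
    for app_id, name, uri, host in reply_url_hosts(apps):
        if host in ("localhost", "127.0.0.1", "::1"):
            continue  # loopback is never hijackable through DNS
        if resolves(host):
            continue
        findings.append({
            "appId": app_id, "app": name, "replyUrl": uri, "host": host,
            "reclaimable": host.endswith(RECLAIMABLE_SUFFIXES),
        })
    return findings


# Constructed export, not real tenant data.
SAMPLE_APPS = [
    {"appId": "app-orders", "displayName": "Order Portal",
     "web": {"redirectUris": ["https://orders.contoso.com/signin-oidc",
                              "https://legacy-orders.trafficmanager.net/auth/callback"]}},
    {"appId": "app-devtool", "displayName": "Dev Tool",
     "spa": {"redirectUris": ["http://localhost:3000/callback"]},
     "web": {"redirectUris": ["https://devtool-old.azurewebsites.net/callback"]}},
]

# Constructed DNS state: only the first host still resolves.
LIVE_HOSTS = {"orders.contoso.com"}


def scan_sample():
    """Run the scan over the constructed export with the constructed DNS state."""
    return find_abandoned_reply_urls(SAMPLE_APPS, resolves=lambda h: h in LIVE_HOSTS)


if __name__ == "__main__":
    for finding in scan_sample():
        print(finding)
```

A non-resolving host is the trigger, not the proof: a name can stop resolving for benign reasons, so each finding still needs a human to confirm whether the resource behind it was deleted and whether the name is free to re-create. Either way, the remediation is the same: remove the reply URL from the app registration.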


A reply URL, also called a redirect URI, is the location to which the authorization server sends the user's browser once the app has been authorized, and it is where the authorization code or access token is delivered. Entra ID accepts a redirect_uri only if it matches one registered on the app, so a registered URL whose host has since been abandoned is still trusted by the authorization server, even though whoever now controls that host is the one receiving the codes.

    “The authorization server sends the code or token to the redirect URI, so it’s important you register the correct location as part of the app registration process,” Microsoft notes in its documentation.

Secureworks CTU said it identified an abandoned reply URL on the Dynamics Data Integration app that pointed at an Azure Traffic Manager profile. Because the URL was still registered, a party controlling that hostname could receive authorization codes, invoke the Power Platform API via a middle-tier service, and tamper with environment configurations.


In a hypothetical attack scenario, this access could have been used to acquire the system administrator role for an existing service principal and send requests to delete an environment, as well as to abuse the Azure AD Graph API to gather information about the target for follow-on activity.

This attack, however, depends on a victim clicking a malicious link: the authorization code that Microsoft Entra ID issues after the victim signs in is then delivered to the reply URL the threat actor has hijacked.
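To make the flow in the two preceding paragraphs concrete, here is an added example with a toy authorization server; it is not Entra ID's code and does not reproduce the Secureworks research. It shows why exact-match validation of the redirect URI does not help when the matching entry is a registered but abandoned URL: the attacker's sign-in link is a perfectly valid request for the real app, the authorization server accepts it, and the code lands on a host the attacker has re-created. The app registration, the hostnames (orders.contoso.com, legacy-orders.trafficmanager.net), the victim, and the modelling of the client as a public client that needs no secret to redeem a code are all assumptions of the example.

```python
"""Authorization-code flow in miniature, showing why a registered but
abandoned reply URL defeats redirect URI validation.

Added example with a toy authorization server; not Entra ID's code. The
registration, hostnames and user are constructed, and the client is
modelled as a public client (no secret needed at the token endpoint).
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

ABANDONED_REPLY_URL = "https://legacy-orders.trafficmanager.net/auth/callback"

# client_id -> registered reply URLs. The second entry is "abandoned": the
# Traffic Manager profile behind the hostname was deleted but the URL was
# never removed from the registration, so the name is free to re-create.
REGISTRATIONS = {
    "order-portal": {
        "https://orders.contoso.com/signin-oidc",
        ABANDONED_REPLY_URL,
    },
}


class AuthServer:
    """Toy authorization server: exact-match reply URL check, single-use codes."""

    def __init__(self, registrations):
        self.registrations = {cid: set(urls) for cid, urls in registrations.items()}
        self.codes = {}  # code -> (client_id, redirect_uri, user)

    def authorize(self, client_id, redirect_uri, user):
        """GET /authorize once `user` has signed in. Returns the redirect target
        carrying the authorization code, or raises if redirect_uri is unregistered."""
        if redirect_uri not in self.registrations.get(client_id, set()):
            raise ValueError("redirect_uri does not exactly match a registered reply URL")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri, user)
        return f"{redirect_uri}?{urlencode({'code': code})}"

    def token(self, client_id, code, redirect_uri):
        """POST /token: redeem a code. The redirect_uri must equal the one the
        code was issued for, which does not help when the attacker chose it."""
        bound_client, bound_uri, user = self.codes.pop(code, (None, None, None))
        if (bound_client, bound_uri) != (client_id, redirect_uri):
            raise ValueError("code unknown, already used, or bound to another redirect_uri")
        return {"access_token": "at-" + secrets.token_hex(8), "sub": user}


def run_attack(server, client_id="order-portal", reply_url=ABANDONED_REPLY_URL,
               victim="alice@contoso.com"):
    """Attacker sends a sign-in link naming the abandoned (but still registered)
    reply URL; the victim signs in; the server accepts the URL; the attacker,
    who re-created the host, reads the code and redeems it."""
    # 1. The lure: a legitimate authorize request for the real app whose only
    #    oddity is which registered reply URL it asks for.
    lure = {"client_id": client_id, "redirect_uri": reply_url}
    # 2. Victim signs in. Validation passes because the URL is still registered.
    landing = server.authorize(lure["client_id"], lure["redirect_uri"], victim)
    # 3. The browser follows the redirect to a host the attacker now controls.
    if urlsplit(landing).hostname != urlsplit(reply_url).hostname:
        raise RuntimeError("code was not delivered to the attacker's host")
    code = parse_qs(urlsplit(landing).query)["code"][0]
    # 4. Redeem with the same redirect_uri, so the token endpoint's binding check passes.
    return server.token(client_id, code, reply_url)


def remove_reply_url(server, client_id, reply_url):
    """The fix: drop the abandoned URL from the registration so step 2 fails."""
    server.registrations[client_id].discard(reply_url)


if __name__ == "__main__":
    server = AuthServer(REGISTRATIONS)
    print("before cleanup:", run_attack(server))
    remove_reply_url(server, "order-portal", ABANDONED_REPLY_URL)
    try:
        run_attack(server)
    except ValueError as err:
        print("after cleanup:", err)
```

Note what does not help here: binding the code to the redirect_uri at the token endpoint, and PKCE, both assume the party that started the flow is the legitimate client, but in this scenario the attacker started it and therefore knows every value the checks compare against. The only effective control is the registration itself, which is why unused reply URLs must be removed rather than left in place.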


The disclosure comes as Kroll reported an uptick in DocuSign-themed phishing campaigns that use open redirects, which let adversaries distribute specially crafted URLs that, when clicked, bounce victims through a trusted site to a malicious one.

    “By crafting a deceptive URL that leverages a trustworthy website, malicious actors can more easily manipulate users into clicking the link, as well as deceiving/bypassing network technology that scans links for malicious content,” Kroll’s George Glass said.

    “This results in a victim being redirected to a malicious site designed to steal sensitive information, such as login credentials, credit card details or personal data.”
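The open-redirect handler that makes such lures work, beside a hardened version, as an added example that is not Kroll's or DocuSign's code. The trusted host (docs.example.com) and the probe URLs are constructed. The vulnerable handler echoes whatever arrives in ?next=, so a link that starts with the trusted domain ends on the attacker's page; the hardened one resolves the value against its own origin and then re-parses the result, which is what catches protocol-relative, userinfo and lookalike-host tricks that a naive prefix check misses.

```python
"""Open redirect: the handler pattern behind the phishing lures described
above, beside a hardened version.

Added example, not Kroll's or DocuSign's code. Trusted host and probes are
constructed.
"""
from urllib.parse import urljoin, urlsplit

TRUSTED_HOST = "docs.example.com"
HOME = f"https://{TRUSTED_HOST}/"


def redirect_vulnerable(next_url):
    """Location header of the open redirect: ?next= is echoed unchecked, so
    https://docs.example.com/login?next=https://evil.example/ looks trustworthy
    to the user and to a link scanner but lands on the attacker's page."""
    return next_url


def redirect_hardened(next_url):
    """Location header of the fixed handler: resolve the value against our own
    origin, then re-parse and require our scheme and exact host. Re-parsing
    after urljoin is what defeats protocol-relative (//evil.example), userinfo
    (docs.example.com@evil.example) and lookalike-host tricks; anything that
    fails the check falls back to the home page."""
    target = urljoin(HOME, next_url)
    parts = urlsplit(target)
    if parts.scheme != "https" or parts.netloc.lower() != TRUSTED_HOST:
        return HOME
    return target


# Constructed probes an attacker might place in ?next=
PROBES = [
    "/account/settings",                          # legitimate relative path
    "https://evil.example/phish",                 # absolute attacker URL
    "//evil.example/phish",                       # protocol-relative
    "https://docs.example.com@evil.example/",     # userinfo trick
    "https://docs.example.com.evil.example/x",    # lookalike host
    "javascript:alert(1)",                        # non-http scheme
]


def compare(probes=PROBES):
    """Map each probe to the host the browser ends up on under both handlers
    (vulnerable, hardened). The vulnerable value is resolved the way a browser
    would resolve a relative Location header against the login page."""
    return {
        p: (urlsplit(urljoin(HOME, redirect_vulnerable(p))).hostname,
            urlsplit(redirect_hardened(p)).hostname)
        for p in probes
    }


if __name__ == "__main__":
    for probe, (vuln_host, safe_host) in compare().items():
        print(f"{probe!r:45} vulnerable -> {vuln_host}, hardened -> {safe_host}")
```

The hardened handler is deliberately strict: it rejects a port or any userinfo in the netloc and always emits an absolute URL, so the browser never gets to reinterpret a relative value. If the application genuinely needs to send users to other hosts, the allow-list should be an explicit set of hostnames compared after parsing, never a prefix or substring match on the raw string.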
