New analysis has uncovered continued danger from a identified safety weak point in Microsoft’s Entra ID, doubtlessly enabling malicious actors to attain account takeovers in inclined software-as-a-service (SaaS) functions.
Identification safety firm Semperis, in an evaluation of 104 SaaS functions, discovered 9 of them to be weak to Entra ID cross-tenant nOAuth abuse.
First disclosed by
nOAuth Vulnerability Nonetheless Impacts 9% of Microsoft Entra SaaS Apps Two Years After Discovery
