Noauth

Vulnerability Profile Updated 2 months ago
nOAuth is an authentication implementation flaw discovered and reported to Microsoft by Descope, a California-based identity and access management vendor, in April 2023 and publicly disclosed in June 2023. It affects Microsoft Azure Active Directory (Azure AD) multi-tenant OAuth applications, in practice any application offering "Log in with Microsoft". The flaw sits in the trust relationship between the identity provider (Azure AD) and the relying party (the application): Azure AD lets a tenant administrator set an arbitrary, unverified value in a user's email attribute, and that value is passed to the application in the email claim of the ID token. An application that uses the email claim as the unique key for its user accounts can therefore be tricked into signing an attacker, using a user in an attacker-controlled tenant, into the account of any victim whose email address the attacker knows. This is a full account takeover of the online or cloud-based account with no interaction from the victim, which is why the reports describe it as an authentication bypass. To gauge the scope, Descope built a proof-of-concept exploit and ran a white-hat test against hundreds of websites and applications; the results suggested that small businesses with fewer developer resources were particularly likely to be affected. More broadly, the issue shows what happens when a relying party treats a mutable, unverified claim from a cloud identity provider as the user's identity: the security of every account becomes dependent on whoever can control that claim, which underscores the need for careful claim handling in cloud-based identity and access management integrations. In response, Microsoft published guidance on June 20, 2023: applications must identify users by the immutable sub (or oid) claim together with the tid (tenant) claim and must never use the email claim for authorization decisions. Vendors have additionally recommended practices for detecting attacks and preventing lateral movement from compromised Active Directory and Azure AD identities; in the nOAuth context, such measures help surface rogue administrator activity, for example an administrator rewriting a user's email attribute to someone else's address, which can indicate intent to exploit the flaw.
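As an added example (not Descope's proof of concept and not Microsoft's code), the following Python models the relying-party side of "Log in with Microsoft": mapping the claims of an already-validated ID token to a local account. The vulnerable resolver keys the session on the unverified email claim; the hardened resolver keys it on the (tid, oid) pair, which an attacker in their own tenant cannot choose, and only falls back to email linking when Azure AD's optional xms_edov ("email domain owner verified") claim is present. The account table, tenant and object IDs, and both claim payloads are constructed for the demo; token signature, issuer and audience validation are assumed to have been done by the OIDC library before these functions are called.

```python
# Added example (not from Descope or Microsoft): relying-party account
# resolution for an Azure AD multi-tenant app. All IDs and claim payloads
# below are constructed for the demo. Signature/issuer/audience validation
# of the ID token is assumed to have happened already.

from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    id: int
    email: str
    tid: str   # Azure AD tenant id recorded at sign-up
    oid: str   # object id of the user inside that tenant
    role: str


# Constructed account table: what the app stored when each user signed up.
TENANT_A = "11111111-aaaa-4bbb-8ccc-000000000001"
ACCOUNTS = [
    Account(1, "victim@example.com", TENANT_A, "victim-oid-0001", "admin"),
    Account(2, "bob@example.com", TENANT_A, "bob-oid-0002", "user"),
]

# Constructed ID-token payload for the legitimate victim.
VICTIM_CLAIMS = {
    "tid": TENANT_A,
    "oid": "victim-oid-0001",
    "email": "victim@example.com",
    "xms_edov": True,  # example.com is a verified domain of tenant A
}

# Constructed payload for the attacker: a user in an attacker-owned tenant
# whose mail attribute the attacker set to the victim's address. Azure AD
# does not verify the value, so the claim arrives unchanged; xms_edov is
# absent because the attacker's tenant does not own example.com.
ATTACKER_CLAIMS = {
    "tid": "22222222-bbbb-4ccc-8ddd-000000000002",
    "oid": "attacker-oid-0009",
    "email": "victim@example.com",
}


def find_by_email(claims: dict, accounts=ACCOUNTS) -> Optional[Account]:
    """Look up an account by the email claim (no identity guarantee)."""
    email = claims.get("email", "").strip().lower()
    if not email:
        return None
    for acct in accounts:
        if acct.email.lower() == email:
            return acct
    return None


def resolve_account_vulnerable(claims: dict, accounts=ACCOUNTS) -> Optional[Account]:
    """nOAuth-vulnerable: the mutable email claim is the account key."""
    return find_by_email(claims, accounts)


def resolve_account_hardened(claims: dict, accounts=ACCOUNTS) -> Optional[Account]:
    """Key the session on (tid, oid); None means 'no existing account'."""
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid:
        return None
    for acct in accounts:
        if acct.tid == tid and acct.oid == oid:
            return acct
    return None


def email_domain_verified(claims: dict) -> bool:
    """True only when Azure AD asserts the tenant owns the email's domain."""
    return claims.get("xms_edov") is True


def link_by_email_if_verified(claims: dict, accounts=ACCOUNTS) -> Optional[Account]:
    """Migration path for accounts created before tid/oid were stored.

    Prefer the (tid, oid) match; otherwise attach to an email-matched account
    only when xms_edov is asserted. An app that wants to be stricter should
    instead send a verification link to the address before linking.
    """
    acct = resolve_account_hardened(claims, accounts)
    if acct is not None:
        return acct
    if not email_domain_verified(claims):
        return None  # treat as a brand-new user, never a takeover
    return find_by_email(claims, accounts)


if __name__ == "__main__":
    v = resolve_account_vulnerable(ATTACKER_CLAIMS)
    h = resolve_account_hardened(ATTACKER_CLAIMS)
    print("vulnerable resolver gives attacker account:", v and v.id, v and v.role)
    print("hardened resolver gives attacker account:", h)
    print("verified-email linking gives attacker account:",
          link_by_email_if_verified(ATTACKER_CLAIMS))
```

The point to take from the two resolvers is that the fix is not token validation (both token payloads are genuine, correctly signed Azure AD tokens) but the choice of account key: tid plus oid (or sub) identifies a principal the attacker cannot impersonate from another tenant, whereas email identifies whatever string a tenant administrator typed.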
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Vulnerability, Exploit, Microsoft, Azure, Facebook, Lateral Move...
Source Document References
Information about the nOAuth vulnerability was read from the documents below (source, date read, title; display limited to 20 results).
Malwarebytes, a year ago: Microsoft Azure AD flaw can lead to account takeover
CERT-EU, a year ago: Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover
CERT-EU, a year ago: Azure AD 'Log in With Microsoft' Authentication Bypass at Risk | IT Security News
CERT-EU, a year ago: Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands
CrowdStrike, a year ago: nOAuth Microsoft Azure AD Vulnerability | CrowdStrike
CERT-EU, a year ago: Microsoft Fixes NoAuth Flaws, Prevents Account Takeover