nOAuth is a vulnerability discovered and reported by the California-based identity and access management service Descope in April 2023. The issue is an authentication implementation flaw affecting Microsoft Azure Active Directory (Azure AD) multi-tenant OAuth applications. The flaw lies in the trust relationship between an identity provider (Azure AD) and a relying party (an application), and it can lead to session theft, moving identity security problems into the cloud. Organizations using the "Log in with Microsoft" feature could be exposed to an authentication bypass that results in account takeover of online and cloud-based accounts.
To understand the scope of the problem, Descope researchers created a proof-of-concept exploit for nOAuth and conducted a white-hat test against hundreds of websites and applications to check whether they were vulnerable. The results indicated that small businesses with fewer developer resources might be particularly affected. The issue also lays bare the broader challenges of integrating Azure AD with Active Directory, underscoring the need for robust security measures in cloud-based identity and access management services.
In response to this vulnerability, Microsoft released guidance on June 20 on how to manage nOAuth. It recommends practices for detecting attacks and preventing lateral movement, so that breaches stemming from vulnerabilities in Active Directory and Azure AD can be stopped. In the context of nOAuth, these measures enable the detection of rogue administrator activity, which could indicate an intent to exploit nOAuth.
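As an added example (not code from the page, Descope or Microsoft), the relying-party side of the flaw described above: Descope's report and Microsoft's guidance concern applications that link a Microsoft login to a local account by the ID token's email claim, which the issuing tenant's administrator can set and Azure AD does not verify, whereas keying the account on the immutable tenant and object identifiers closes the gap. The claim names tid, oid and email are real Azure AD ID-token claims; all values, tokens and tenant names are constructed, and signature, issuer and audience validation are assumed to have happened already.

```python
import base64
import json


def decode_payload(jwt: str) -> dict:
    """Return the claims of a compact JWT. Signature, issuer and audience
    checks are assumed done by the OIDC library; this only reads claims."""
    segment = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def make_token(claims: dict) -> str:
    """Build a compact JWT with a placeholder signature for the offline demo."""
    def b64(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{b64({'alg': 'RS256', 'typ': 'JWT'})}.{b64(claims)}.placeholder-signature"


def weak_account_key(claims: dict) -> str:
    """Vulnerable relying-party pattern: link the login to a local account by the
    'email' claim, which the issuing tenant's admin can set and Azure AD does not verify."""
    return claims["email"].lower()


def hardened_account_key(claims: dict) -> str:
    """Mitigated pattern: key on immutable identifiers ('oid' is unique within the
    issuing tenant 'tid'). Tokens lacking either claim are rejected, never keyed by email."""
    missing = [name for name in ("tid", "oid") if not claims.get(name)]
    if missing:
        raise ValueError(f"token missing required claim(s): {missing}")
    return f"{claims['tid']}:{claims['oid']}"


# Constructed claims (not real values) for the legitimate user, issued by tenant A.
VICTIM_CLAIMS = {
    "iss": "https://login.microsoftonline.com/tenant-a-guid/v2.0",
    "tid": "tenant-a-guid", "oid": "user-1-guid", "email": "alice@example.com",
}
# Constructed claims issued by an unrelated tenant B whose administrator set the
# mutable email attribute to the victim's address (the condition nOAuth abuses).
SPOOFED_CLAIMS = {
    "iss": "https://login.microsoftonline.com/tenant-b-guid/v2.0",
    "tid": "tenant-b-guid", "oid": "user-9-guid", "email": "alice@example.com",
}


def collides(key_fn, a: dict = VICTIM_CLAIMS, b: dict = SPOOFED_CLAIMS) -> bool:
    """True when both tokens would be linked to the same local account."""
    return key_fn(decode_payload(make_token(a))) == key_fn(decode_payload(make_token(b)))
```

With the email-keyed lookup the two constructed tokens map to the same account; with the tid:oid key they do not, and a token missing those claims is rejected rather than silently falling back to email.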
Description last updated: 2024-05-05T01:04:59.180Z