
"Mollema has studied Entra ID security in depth and published multiple studies about weaknesses in the system, which was formerly known as Azure Active Directory. But while preparing to present at the Black Hat security conference in Las Vegas in July, Mollema discovered two vulnerabilities that he realized could be used to gain global administrator privileges (essentially god mode) and compromise every Entra ID directory, or what is known as a “tenant.”"
"“It was quite bad. As bad as it gets, I would say.” “From my own tenants (my test tenant or even a trial tenant) you could request these tokens and you could impersonate basically anybody else in anybody else's tenant,” Mollema adds. “That means you could modify other people's configuration, create new and admin users in that tenant, and do anything you would like.”"
Entra ID stores Azure customers' user identities, sign-in access controls, applications, and subscription management tools. Security researcher Dirk-jan Mollema discovered two vulnerabilities capable of granting global administrator privileges across Entra ID directories. The flaws could enable attackers to request tokens from test or trial tenants, impersonate users in other tenants, modify configurations, create admin accounts, and perform unrestricted actions. The vulnerabilities potentially affected nearly every Entra ID tenant worldwide except some government cloud instances. Mollema runs Outsider Security and has previously published multiple studies on Entra ID weaknesses. The issues were identified while preparing for a Black Hat presentation.
Read at WIRED