Application security, Identity, Vulnerability Management

Microsoft Entra SaaS apps remain exposed to nOAuth flaw


Semperis has found that attacks leveraging the Microsoft Entra ID cross-tenant vulnerability nOAuth could still compromise 9% of Entra ID software-as-a-service applications, two years after the issue was first disclosed, The Hacker News reports.

Threat actors could exploit the flawed authentication implementation by replacing the mail attribute on an Entra ID account and then abusing the Microsoft login functionality to hijack SaaS app accounts. "nOAuth abuse is a serious threat that many organizations may be exposed to... An attacker that successfully abuses nOAuth would be able not only to gain access to the SaaS application data, but also potentially to pivot into Microsoft 365 resources," said Semperis Chief Identity Architect Eric Woodruff. Mitigating the issue depends on developers implementing authentication correctly in their applications. The report follows a Trend Micro report detailing the exploitation of misconfigured Kubernetes containers to compromise AWS credentials. "The findings [...] highlight critical security considerations when using Amazon EKS Pod Identity for simplifying AWS resource access in Kubernetes environments," said Trend Micro researcher Jiri Gogela.
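To show what "implementing authentication correctly" means here, the following is an added example (not code from the article, Semperis, or Microsoft) of a SaaS app's "Log in with Microsoft" account-linking step: the vulnerable form keys on the mutable `email` claim, the hardened form keys on the tenant and object identifiers. The claim names `tid`, `oid` and `email` follow the OpenID Connect ID token format Entra ID issues; the user records and tokens are constructed, and signature validation is assumed to have happened upstream.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class User:
    username: str
    email: str
    # Immutable identity captured at first sign-in: (tenant id, object id).
    tid: Optional[str] = None
    oid: Optional[str] = None

# Constructed user store: the victim linked their Microsoft account earlier.
USERS = {
    "victim": User("victim", "victim@example.com",
                   tid="tenant-victim", oid="obj-victim"),
}

def link_by_email(id_token: dict) -> Optional[User]:
    """Vulnerable pattern: the mutable, unverified 'email' claim picks the account."""
    wanted = id_token.get("email")
    return next((u for u in USERS.values() if u.email == wanted), None)

def link_by_immutable_id(id_token: dict) -> Optional[User]:
    """Hardened pattern: match on (tid, oid); a foreign tenant cannot produce
    the victim's tenant id, so a matching email alone links nothing."""
    key = (id_token.get("tid"), id_token.get("oid"))
    if None in key:
        return None  # refuse tokens missing the identifiers we rely on
    return next((u for u in USERS.values() if (u.tid, u.oid) == key), None)

# Constructed token from an attacker-controlled tenant whose mail attribute
# was set to the victim's address; tid/oid still identify the attacker.
ATTACKER_TOKEN = {"tid": "tenant-attacker", "oid": "obj-attacker",
                  "email": "victim@example.com"}
# Constructed token for the genuine victim signing in from their own tenant.
VICTIM_TOKEN = {"tid": "tenant-victim", "oid": "obj-victim",
                "email": "victim@example.com"}

if __name__ == "__main__":
    # Email matching hands the attacker the victim's account.
    print("email lookup:", link_by_email(ATTACKER_TOKEN))
    # Immutable-id matching rejects the attacker but still admits the victim.
    print("immutable lookup (attacker):", link_by_immutable_id(ATTACKER_TOKEN))
    print("immutable lookup (victim):", link_by_immutable_id(VICTIM_TOKEN))
```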
