Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Microsoft Entra ID Flaw Bypasses Hybrid IDs

August 16, 2024
Reading Time: 2 mins read
in Alerts
Microsoft Entra ID Flaw Bypasses Hybrid IDs

A newly discovered vulnerability in Microsoft Entra ID (formerly Azure Active Directory) has exposed a critical risk for organizations using hybrid identity infrastructures. Researchers from Cymulate have identified a flaw in the Pass-Through Authentication (PTA) process, which allows attackers with admin access to a PTA server to bypass authentication mechanisms. This vulnerability affects environments where multiple on-premises Active Directory domains are synced to a single Azure tenant, enabling attackers to log in as any synced user without needing their actual credentials.

The flaw arises from how PTA agents handle authentication requests from different on-premises domains. When a user attempts to sign in, the request is placed in a service queue and can be processed by any available PTA agent. Cymulate’s proof-of-concept attack demonstrates how an attacker can inject a malicious dynamic link library into the PTA agent. This manipulation allows the attacker to intercept and alter the credential validation process, effectively bypassing authentication checks and granting unauthorized access to user accounts across various domains.

Microsoft has rated this vulnerability as medium-severity, citing the requirement for attackers to first gain local admin access on the PTA server. While Microsoft plans to address the issue in future updates, the company has emphasized the need for organizations to treat PTA servers as Tier-0 components. This includes implementing stringent security controls, such as strict access management, enhanced monitoring, and network isolation, to mitigate the risk. However, many organizations do not currently adhere to these best practices, potentially leaving them vulnerable.

In response to the threat, Cymulate has recommended that Microsoft implement domain-aware routing to ensure that authentication requests are correctly directed to the appropriate PTA agent. Additionally, establishing strict logical separation between different on-premises domains within the same tenant could further enhance security. This vulnerability underscores the growing importance of securing hybrid identity environments, as attackers increasingly target cloud identity services to gain unauthorized access to enterprise systems and data.

Reference:

  • Unfixed Microsoft Entra ID Flaw Allows Bypass of Hybrid Identity Authentication
Tags: August 2024AuthenticationAzureCyber AlertsCyber Alerts 2024Cyber threatsMicrosoftMicrosoft Entra IDPTAVulnerability
ADVERTISEMENT

Related Posts

Windows Defender Flaw Enables Hijack

GPUGate Abuse of Google Ads and GitHub

September 9, 2025
Windows Defender Flaw Enables Hijack

Windows Defender Flaw Enables Hijack

September 9, 2025
Windows Defender Flaw Enables Hijack

Npm Packages Compromised In Attack

September 9, 2025
Atomic Stealer Masquerades As Cracked App

iCloud Calendar Used For Phishing Emails

September 9, 2025
Atomic Stealer Masquerades As Cracked App

Czech Cyber Agency Warns On Chinese Tech

September 9, 2025
Atomic Stealer Masquerades As Cracked App

Atomic Stealer Masquerades As Cracked App

September 9, 2025

Latest Alerts

Windows Defender Flaw Enables Hijack

Npm Packages Compromised In Attack

GPUGate Abuse of Google Ads and GitHub

iCloud Calendar Used For Phishing Emails

Czech Cyber Agency Warns On Chinese Tech

Atomic Stealer Masquerades As Cracked App

Subscribe to our newsletter

    Latest Incidents

    Hackers Steal Secrets In GitHub Attack

    Plex Users Told To Reset Passwords

    Lovesac Confirms Breach After Attack

    Azure Cloud Hit By Red Sea Cable Cuts

    Tenable Confirms Breach Of Customer Data

    US Probes Malicious Email On China Talks

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial