Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

nOAuth Flaw Allows Easy Account Takeover

June 27, 2025
Reading Time: 2 mins read
in Alerts
Open VSX Flaw Allowed Extension Hijacks

A critical authentication vulnerability, which is now known by the name nOAuth abuse, has emerged as a severe threat. It specifically targets Microsoft Entra ID integrated software-as-a-service, or SaaS, applications, enabling attackers to take over accounts. This vulnerability exploits fundamental flaws in how application developers have chosen to implement their OpenID Connect authentication. The attack leverages anti-patterns where developers use email addresses as the unique user identifiers for their online applications.

The nOAuth vulnerability was initially disclosed by Omer Cohen of Descope on June 20, 2023, highlighting the issue.

Recent research that was conducted by the security analysts at Semperis has revealed the continued prevalence of this vulnerability. In comprehensive testing of over one hundred applications from the Microsoft Entra App Gallery, researchers identified multiple applications. These applications were found to be vulnerable to nOAuth abuse, representing approximately nine percent of all of the tested platforms.

The nOAuth abuse mechanism exploits a fundamental weakness in cross-tenant authentication flows within the Entra ID environments. The attack begins when an adversary creates or modifies a user account in their own controlled Entra tenant. They set the mail attribute to match that of their intended victim in a separate, targeted business organization. Microsoft Entra ID permits users to have unverified email addresses to support its guest user account functionality.

This unfortunately creates the foundational vulnerability that is now being actively exploited by many different online attackers.

This attack successfully circumvents many traditional security controls including the now widely used multifactor authentication protections. The authentication appears to be completely legitimate from the application’s perspective, making it very difficult to detect. The vulnerability’s persistence stems from the architectural decision to rely on mutable claims rather than immutable claims. This technical oversight creates a persistent attack vector that will remain viable until application developers implement proper controls.

Reference:

  • Microsoft Entra ID Flaw Allows Easy Account Takeover In Many SaaS Apps
Tags: APT28Cyber AlertsCyber Alerts 2025CyberattackCybersecurityJune 2025RussiaSignalUkraine
ADVERTISEMENT

Related Posts

Malicious npm Packages Deliver Protestware

Matanbuchus Malware Spread via Teams Voice

July 18, 2025
Malicious npm Packages Deliver Protestware

Hackers Host Amadey Malware via GitHub Repos

July 18, 2025
Malicious npm Packages Deliver Protestware

Malicious npm Packages Deliver Protestware

July 18, 2025
Malicious Telegram APK Campaign Uncovered

Malicious Telegram APK Campaign Uncovered

July 17, 2025
SonicWall Zero-Day RCE Exploited

Stealthy JavaScript Attacks via SVG Files

July 17, 2025
SonicWall Zero-Day RCE Exploited

SonicWall Zero-Day RCE Exploited

July 17, 2025

Latest Alerts

Matanbuchus Malware Spread via Teams Voice

Hackers Host Amadey Malware via GitHub Repos

Malicious npm Packages Deliver Protestware

Malicious Telegram APK Campaign Uncovered

Stealthy JavaScript Attacks via SVG Files

SonicWall Zero-Day RCE Exploited

Subscribe to our newsletter

    Latest Incidents

    Stormous Hits North Country Health

    BigONE Crypto Exchange $27M Hit

    Co-op Data Stolen of 6.5M Members

    Cyberattack Strikes Air Serbia

    Customer Data Breach at Seychelles Bank

    Ukrainian Hack Hits Russian Drone Firm

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial