low

Azure AD Seamless SSO logging bypass

Published Wed, Sep 29th, 2021

Platforms

Summary

Azure Active Directory Seamless Single Sign-On feature allowed single-factor brute-force attacks against Azure AD without generating sign-in events in the targeted organization’s tenant.

Affected Services

Azure AD Seamless SSO

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks

Contributed by https://github.com/korniko98

Entry Status

Finalized

Disclosure Date

Tue, Jun 29th, 2021

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Secureworks

More vulnerabilities...

low

Azure AD Seamless SSO logging bypass

Azure Active Directory Seamless Single Sign-On feature allowed single-factor brute-force attacks against Azure AD without generating sign-in events in the targeted organization’s tenant.

Secureworks

Wed, Sep 29th, 2021

low

Exfiltrate data via the logs of GCP Org policy

Upon blocking a request, GCP Org policy constraints were logging the deny logs in Principal''s project and the blocking project. An attacker could use those logs to exfiltrate any data, by making r...

Jonathan Rault, TrustOnCloud

Wed, Sep 22nd, 2021

low

Exfiltrate data via the logs of GCP Org policy

Jonathan Rault, TrustOnCloud

Wed, Sep 22nd, 2021

View all