high

Azure tenant takeover via Microsoft application

Published Fri, Apr 26th, 2024

Platforms

azure

Summary

A vulnerability in Microsoft Dynamics 365 Supply Chain Visibility allowed arbitrary takeover of Azure tenants via a malicious reply URL. Clicking a link could grant an attacker directory read access or full tenant control if clicked by a Global Admin, without requiring user consent.

Affected Services

Microsoft Entra ID, Microsoft Dynamics 365 Supply Chain Visibility

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://falconforce.nl/arbitrary-1-click-azure-tenant-takeover-via-ms-application/

Contributed by https://github.com/mer-b

Entry Status

Finalized

Disclosure Date

Sat, Nov 18th, 2023

Exploitability Period

Until 2024/01/29

Known ITW Exploitation

-

Detection Methods

Monitor for unexpected additions of users to high-privilege roles like Global Administrator. Review sign-in logs for suspicious access from unfamiliar IP addresses or locations.

Piercing Index Rating

-

Discovered by

Arnau Ortega, FalconForce

More vulnerabilities...

critical

AWS Amplify IAM role publicly assumable exposure

aws

The AWS Amplify service was found to be misconfiguring IAM roles associated with Amplify projects. This misconfiguration caused these roles to be assumable by any other AWS account. Both the Ampl...

Nick Frichette, Datadog
low

AWS Glue database password leakage

aws

A principal with the permissions glue:GetConnection and ec2:DescribeSubnets can retrieve the database password of a connection, since the password is loaded into the AWS console website when a conn...

Michael Werner, SEC Consult
low

AWS IAM Trust Policy Condition Evaluation Bug

aws

Tag variable names affected whether trust policy conditions were evaluated correctly. If the request tag referenced a principal tag called MemberRole in the JWT token, and the IAM role referenced ...

Stedi
View all