Security Blog

Cybersecurity knowledge and tools from the Praetorian team.

Cloud Security   in   authorization

Technical Advisory – Azure B2C – Crypto Misuse and Account Compromise

Microsoft’s Azure Active Directory B2C service contained a cryptographic flaw which allowed an attacker to craft an OAuth refresh token with the contents for any user account. An attacker could redeem this refresh token for a session token, thereby gaining access to a victim account as if the attacker had logged in through a legitimate […]
