Microsoft Entra ID (Azure) Vulnerability: The Perils of Neglected Reply URLs


August 28, 2023

Security researchers have disclosed a vulnerability affecting Microsoft Entra ID (formerly Azure Active Directory) applications, caused by an abandoned reply URL.

An attacker could exploit this abandoned URL to have authorization codes delivered to an endpoint they control. “By misappropriating these codes, intruders can then obtain access tokens,” remarked Secureworks Counter Threat Unit (CTU) in a detailed review shared recently.

With those tokens, the attacker could then call the Power Platform API through a middle-tier service and escalate their privileges.

Secureworks reported the issue to Microsoft on April 5, 2023, and Microsoft released a fix the following day. For the wider community's benefit, Secureworks has also published a freely available tool that detects abandoned reply URLs.

In OAuth-based authentication, a reply URL (also called a redirect URI) is the endpoint to which the authorization server sends the user once the user has signed in and authorized the app; the authorization code or access token is delivered to that endpoint, so whoever controls it receives the credential.


Microsoft's guidance stresses that the correct redirect location must be identified and registered when the app is set up.

During its investigation, Secureworks CTU found an abandoned reply URL belonging to a Dynamics Data Integration app; the URL pointed at an Azure Traffic Manager profile. This flaw allowed unauthorized access to the Power Platform API through a middle-tier service, which in turn made unauthorized changes to system configuration possible.
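As an added illustration of the kind of check the Secureworks tool performs (this is not their tool, nor code from Microsoft), the Python script below takes an app registration's reply URL list and flags entries whose hostname no longer resolves, separately calling out hosts on cloud domains where a released name can be re-registered by anyone. The sample URLs, the `contoso.example` names, the `fake_resolver` stand-in and the domain-suffix list are constructed assumptions for this example.

```python
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Hosting suffixes where deleting a resource frees its hostname for anyone to
# re-register (assumed list; Traffic Manager is the one in the article's finding).
TAKEOVER_PRONE_SUFFIXES = (".trafficmanager.net", ".azurewebsites.net", ".cloudapp.azure.com")
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

def dns_resolves(hostname: str) -> bool:
    # Default resolver: True if the name currently has any A/AAAA record.
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def audit_reply_urls(reply_urls: Iterable[str], resolver: Callable[[str], bool] = dns_resolves):
    """Return (url, issue) pairs; `resolver` is injectable so the check can run offline."""
    findings = []
    for url in reply_urls:
        parts = urlsplit(url)
        host = parts.hostname
        if host is None:  # urn:... or custom app schemes carry no DNS name to check
            findings.append((url, "custom scheme, review manually"))
            continue
        if parts.scheme != "https" and host not in LOOPBACK_HOSTS:
            findings.append((url, "plain-http reply URL; authorization codes travel in clear"))
        if host in LOOPBACK_HOSTS or resolver(host):
            continue  # name still resolves: someone owns it (confirm it is you)
        if host.endswith(TAKEOVER_PRONE_SUFFIXES):
            findings.append((url, "dangling: unresolved host on re-registrable cloud domain"))
        else:
            findings.append((url, "dangling: host does not resolve"))
    return findings

# Constructed sample mirroring an app registration's redirectUris export.
SAMPLE_REPLY_URLS = [
    "https://app.contoso.example/auth/callback",
    "https://old-dataint.trafficmanager.net/signin-oidc",  # decommissioned profile
    "http://localhost:3000/callback",
    "http://legacy.contoso.example/cb",
    "urn:ietf:wg:oauth:2.0:oob",
]

def fake_resolver(hostname: str) -> bool:
    # Stand-in resolver (assumption) so the sample runs without network access.
    return hostname in {"app.contoso.example", "legacy.contoso.example"}
```

Calling `audit_reply_urls(SAMPLE_REPLY_URLS, resolver=fake_resolver)` yields three findings (the dangling Traffic Manager host, the plain-http URL and the urn: entry); drop the `resolver` argument to run live DNS lookups against your own export.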

In a hypothetical attack, an adversary could have used this flaw to assign the system administrator role to an existing service principal, delete an environment, and query the Azure AD Graph API for information about the target organization, laying the groundwork for further attacks.

The attack does, however, depend on the victim clicking a malicious link, which causes the authorization code that Microsoft Entra ID issues on sign-in to be sent to an attacker-controlled URL.

Separately, a recent Kroll exposé documented a surge in phishing campaigns posing as DocuSign communications that abuse open redirects. Open redirects let adversaries craft and distribute URLs on a trusted domain that send victims to a malicious site when clicked.

Kroll’s cybersecurity expert, George Glass, elaborated, “Crafting a link that exploits a reputable domain makes it easier for the ill-intentioned to lure users into activating the link. Furthermore, it could also hoodwink security systems scanning for malicious links.”

The result: unsuspecting users land on malicious sites built to steal sensitive data, from login details to personal credentials or financial information.

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
