Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs – .:: CHASLES CORP. ::.

Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw
CISA Adds Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and MSSQL Server Bugs to its KEV Catalog
Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware
Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs
Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence

Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw
CISA Adds Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and MSSQL Server Bugs to its KEV Catalog
Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware
Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs
Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence

unfixed-microsoft-entra-id-authentication-bypass-threatens-hybrid-ids

_ 19 August 2024_ _ 0 Comments

Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs

Cymulate’s proof-of-concept attack demonstrates how multiple on-premises domains syncing to a single Azure tenant can lead to credential mishandling, potentially allowing unauthorized access to different domains.

4

Author