Microsoft’s “nOAuth” Fiasco: A Comedy of Unsecured Errors in SaaS Security
Entra ID’s nOAuth flaw still haunts 15,000 SaaS apps, making it the ghost of vulnerabilities past. Even with fancy security measures, attackers can still crash the enterprise party with just an email address and an Entra tenant. Who knew identity theft could be this easy?
Hot Take:
Who would’ve thought that a flaw named “nOAuth” could make everyone say “Oh no”? Microsoft’s Entra ID vulnerability has been lounging around for two years, sipping on digital piña coladas while leaving the door open for cybercriminals. The fact that 15,000 SaaS applications are still rolling out the red carpet for potential attackers is like finding out your security guard has been napping on the job since 2023. Time to wake up, folks!
Key Points:
- nOAuth vulnerability affects Microsoft’s Entra ID, leading to account takeovers and data leaks.
- Discovered in 2023, this flaw still threatens over 15,000 SaaS applications.
- Traditional security measures like MFA and Zero Trust are useless against nOAuth.
- SaaS vendors remain blissfully unaware of the flaw’s existence.
- Semperis suggests following Microsoft’s recommendations and improving log correlation to mitigate threats.
Already a member? Log in here