Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL.
“An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens,” Secureworks Counter Threat Unit (

This entry was posted in Uncategorized and tagged .

Leave a Reply

Your email address will not be published. Required fields are marked *