Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra ID. A flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers – notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/noauth-lives-on-in-cloud-app-logins-using-entra-id-a-28811
