In a recent statement, Microsoft acknowledged a critical vulnerability in its main cloud service Azure that could expose user accounts to unauthorized access. The vulnerability, dubbed “nOAuth” by Descope, a well-known security software company, resides in Azure Active Directory and allows hackers to access third-party sites using compromised Azure accounts.

To exploit this vulnerability, hackers simply need to create an Azure account with administrative privileges and replace the account’s email address with an unsuspecting user’s email address. Using the Sign in with Microsoft feature, hackers can easily log in to third-party sites by maliciously exploiting a compromised Azure account.

This vulnerability potentially affects a significant portion of Azure users

The “nOAuth” vulnerability in Microsoft Azure Active Directory poses a number of risks to the system and its users. This allows hackers to gain unauthorized access to user accounts, potentially leading to data leaks, account hijacking and manipulation of sensitive information.

Compromised Azure accounts can be used to log into third-party sites, putting these services and their users at risk. Consequences include financial loss, reputational damage, and potential legal consequences. Microsoft’s swift actions, such as patching vulnerabilities, strengthening security measures, and educating users, are crucial to mitigating these risks and protecting user accounts and data.

It is also critical for users to be vigilant and report any suspicious activity in tackling this vulnerability. Descope security chief Imer Cohen stated that this vulnerability is caused by a flaw in Microsoft’s authentication design, which leads to the “nOAuth” vulnerability. The impact of this violation is significant,

After the breach was discovered, Microsoft acknowledged the vulnerability and issued a warning urging all users to be cautious and refrain from sharing information about their emails. Microsoft is making every effort to address this vulnerability, fulfill its commitment to user security, and take preventive measures to protect the cloud service. Users are advised to exercise caution, update their account settings regularly, and use strong, unique passwords to reduce the risk of unauthorized access.