CP
cyberpings
VulnerabilitiesHIGH

Azure Vulnerabilities - New Sign-In Log Bypass Discovered

TSTrustedSec Blog
Azure Entra IDsign-in log bypassGraphGoblinauthentication vulnerabilities
🎯

Basically, hackers found ways to log in to Azure without leaving a trace.

Quick Summary

Two new Azure sign-in log bypasses have been discovered, allowing attackers to access tokens without detection. This poses a serious risk to organizations relying on Azure for authentication. Stay informed and take action to protect your data.

What Happened

In a recent disclosure, a security researcher revealed two new vulnerabilities in Azure Entra ID's sign-in log system. These vulnerabilities allow attackers to bypass logging mechanisms, which are crucial for monitoring unauthorized access attempts. By crafting specific login requests, attackers can retrieve valid tokens without any logs being generated, making it difficult for administrators to detect potential intrusions.

This discovery marks the third and fourth bypasses found since 2023, highlighting ongoing issues with Azure's authentication logging. The researcher, known as Nyxgeek, emphasizes the importance of awareness regarding these vulnerabilities, especially as they have been fixed but still pose a risk if similar flaws are present in the future.

Who's Affected

The vulnerabilities primarily affect organizations that rely on Azure Entra ID for authentication. With many businesses using Azure for critical services, the implications of these bypasses are significant. If attackers exploit these vulnerabilities, they can validate passwords and obtain access tokens without any record of their activity, undermining security protocols.

Administrators and security teams across various sectors should be particularly vigilant. This includes businesses in finance, healthcare, and any industry that handles sensitive data. The potential for unauthorized access without detection poses a serious threat to data integrity and security.

What Data Was Exposed

While the specific data accessed through these bypasses can vary, the primary concern is the retrieval of valid authentication tokens. These tokens can grant attackers access to various resources and services within Azure, depending on the permissions assigned to the compromised accounts.

The lack of logging means that any successful exploitation could go unnoticed, allowing attackers to operate freely within the affected environments. This raises concerns about the overall security posture of organizations using Azure Entra ID, especially if they are unaware of these vulnerabilities.

What You Should Do

Organizations using Azure Entra ID should take immediate action to review their security measures. Here are some recommended steps:

  • Implement Monitoring: Enhance monitoring of authentication attempts and unusual access patterns.
  • Educate Staff: Ensure that IT and security teams are aware of these vulnerabilities and understand how to detect potential breaches.
  • Review Access Controls: Regularly review permissions and access controls associated with Azure accounts to minimize risks.
  • Stay Updated: Keep abreast of updates from Microsoft regarding Azure vulnerabilities and apply patches promptly.

By taking proactive measures, organizations can better safeguard their systems against these types of vulnerabilities and reduce the likelihood of unauthorized access.

🔒 Pro insight: These bypasses reveal critical flaws in Azure's logging mechanisms, emphasizing the need for enhanced security reviews and monitoring practices.

Original article from

TrustedSec Blog

Read Full Article

Share

Related Pings

HIGHVulnerabilities

Vulnerabilities - Multiple Privilege Escalation Risks Found

Multiple privilege escalation vulnerabilities have been discovered in Arturia Software Center for MacOS. Users of version 2.12.0.3157 are at risk. Immediate action is needed to secure systems until a fix is available.

Full Disclosure·
HIGHVulnerabilities

Vulnerabilities in iOS and macOS - Security Updates Released

Apple has released important security updates for iOS and macOS. These updates fix a critical vulnerability in WebKit that could expose users to risks. It's crucial for all users to update their devices immediately to ensure safety.

Full Disclosure·
HIGHVulnerabilities

iOS Vulnerabilities - DarkSword Exploit Kit Uncovered

DarkSword, a new iOS exploit kit, has been uncovered, targeting vulnerabilities in iPhones. Millions of users are at risk of data theft. It's crucial to update your devices now to stay protected.

Help Net Security·
MEDIUMVulnerabilities

PEGA Infinity Platform - Multiple Vulnerabilities Discovered

SEC Consult has revealed multiple vulnerabilities in the PEGA Infinity platform. Users of affected versions should act quickly to install patches. Failure to do so could lead to unauthorized access and data breaches. Stay secure by updating your systems now.

Full Disclosure·
CRITICALVulnerabilities

Telnet Vulnerability - Critical Flaw Enables Remote Code Execution

A critical flaw in Telnet allows remote code execution as root, exposing legacy systems to serious risks. Immediate action is needed to protect vulnerable infrastructure. Stay informed and take steps to secure your systems.

CSO Online·
HIGHVulnerabilities

Vulnerability - Local Privilege Escalation in Ubuntu Snap

A critical vulnerability in Ubuntu Desktop allows unprivileged users to gain root access. This flaw, CVE-2026-3888, poses significant security risks. Users should stay updated and limit unprivileged access to their systems.

Full Disclosure·