Posted May 27, 2024May 27 Summary Microsoft has developed mitigations for an insecure anti-pattern used in Azure AD (AAD) applications highlighted by Descope, and reported to Microsoft, where use of the email claim from access tokens for authorization can lead to an escalation of privilege. An attacker can falsify the email claim in tokens issued to applications. Continue reading...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.