Users warned over Azure Active Directory authentication flaw

September 14, 2022

Researchers at Secureworks’ Counter Threat Unit (CTU) have warned of a new and potentially serious vulnerability affecting the pass-through authentication (PTA) hybrid identity authentication method used in Azure Active Directory (AD).

PTA is one of three authentication options used for hybrid identities in Azure AD, the others being password-hash synchronisation (PHS) and identity federation.

It is considered a good option for organisations that cannot or do not wish to synchronise password hashes to the cloud, or, ironically, those that need stronger authentication controls. When it comes to identity federation, which is usually implemented with AD Federation Services (AD FS), PTA is often held to be more secure – AD FS was notably exploited in the SolarWinds attack.

PTA works by installing agents on on-premise servers, up to a maximum of 40 per tenant. When a user accesses a service that uses the Azure AD identity platform, such as Microsoft 365, and provides their credentials, Azure AD encrypts them and sends an authentication request to one of the agents, which decrypts those credentials, logs in with them, and returns the results to the user.

However, the CTU research team has now demonstrated a successful proof of concept (PoC) for an exploit that, if left unchecked, can be used by a threat actor to exploit the PTA’s core installation processes and steal the agent’s identity by exporting the certificate that it uses for certificate-based authentication (CBA).

With this certificate in hand, a threat actor can perform a variety of malicious actions, as the CTU team explained in its disclosure notice.

“The compromised certificate can be used with the attacker-controlled PTA agent to create an undetectable backdoor, allowing threat actors to log in using invalid passwords, gather credentials and perform remote denial of service attacks,” said the team. “Attackers can renew the certificate when it expires to maintain persistence in the network for years. A compromised certificate cannot be revoked by an organisation’s administrators.”

However, although the research was shared with Microsoft some months ago, Microsoft has insisted PTA is working as intended and has given no indication of any plans to address the vulnerability.

The Microsoft Security Response Center said: “Our team completed the assessment for this issue and we understand that the attack surface for this requires compromising a high security asset by gaining administrative access in the first place.

“If the customer followed our hardening guidance but the attacker still has access to the server that runs the PTA agent then they already had access to the user credentials, hence we believe this vulnerability in itself does not pose an additional risk.

“As a mitigation mechanism, we do have the ability to block agents on the server side based on customer escalations and additionally we are looking into ways to improve our audit logs as an improved detection mechanism.”

Nevertheless, the Secureworks CTU is recommending Azure AD users carry out the following actions to protect their tenants:

  • Treat all on-premise hybrid identity components, including servers with PTA agents, as tier zero servers;
  • Consider adopting other hybrid authentication methods, such as PHS or identity federation;
  • Monitor for activity indicative of compromise, such as someone logging in with an incorrect password – this activity can be seen in the Azure AD portal, and also via the beta version of the Microsoft Graph sign-ins report. If a potentially compromised PTA agent is seen, it can be invalidated by creating a support request in the Azure AD portal;
  • Introduce multi-factor authentication to prevent cyber criminals exploiting a PTA agent.