Users warned over Azure Active Directory authentication flaw

September 14, 2022

Researchers at Secureworks’ Counter Threat Unit (CTU) have warned of a new and potentially serious vulnerability affecting the pass-through authentication (PTA) hybrid identity authentication method used in Azure Active Directory (AD).

PTA is one of three authentication options used for hybrid identities in Azure AD, the others being password-hash synchronisation (PHS) and identity federation.

It is considered a good option for organisations that cannot or do not want to synchronise password hashes to the cloud, or ironically those that want stronger authentication controls. When it comes to identity federation, which is usually implemented with AD Federation Services (AD FS), PTA is often held to be safer – AD FS was notably exploited in the SolarWinds attack.

PTA works by installing agents on on-premise servers, up to a maximum of 40 per tenant. When a user accesses a service using the Azure AD identity platform, such as Microsoft 365, and provides their credentials, Azure AD encrypts them and sends an authentication request to one of the agents, which decrypts those credentials, logs in with them, and returns the results to the user.

However, the CTU research team has now demonstrated a successful proof of concept (PoC) for an exploit that, if left unchecked, can be used by a threat actor to exploit the PTA’s core installation processes and steal the agent’s identity by exporting the certificate that it uses for certificate-based authentication (CBA).

With this certificate in hand, a threat actor can perform a variety of malicious actions, as the CTU team explained in its disclosure notice.


“The compromised certificate can be used with the attacker-controlled PTA agent to create an undetectable backdoor, allowing threat actors to log in using invalid passwords, gather credentials and perform remote denial of service attacks,” said the team. “Attackers can renew the certificate when it expires to maintain persistence in the network for years. A compromised certificate can’t be revoked by an organisation’s administrators.”

However, although the research was shared with Microsoft some months ago, Microsoft has insisted PTA is working as intended and has given no indication of any plans to address the vulnerability.

The Microsoft Security Response Center said: “Our team completed the assessment for this issue and we understand that the attack surface for this requires compromising a high security asset by gaining administrative access in the first place.

“If the customer followed our hardening guidance but the attacker still has access to the server that runs the PTA agent then they already had access to the user credentials, hence we believe this vulnerability in itself doesn’t pose an additional risk.

“As a mitigation mechanism, we do have the ability to block agents on the server side based on customer escalations and additionally we’re looking into ways to improve our audit logs as an improved detection mechanism.”

Nevertheless, the Secureworks CTU is recommending Azure AD users perform the following actions to protect their tenants:

  • Treat all on-premise hybrid identity components, including servers with PTA agents, as tier zero servers;
  • Consider adopting other hybrid authentication methods, such as PHS or identity federation;
  • Monitor for activity indicative of compromise, such as someone logging in with an incorrect password – this activity can be seen in the Azure AD portal, and also via the beta version of the Microsoft Graph sign-ins report. If a potentially compromised PTA agent is seen, it can be invalidated by creating a support request in the Azure AD portal;
  • Introduce multi-factor authentication to prevent cyber criminals exploiting a PTA agent.
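
One way to act on the monitoring recommendation, shown as an added example that is not from Secureworks, Microsoft or the original article: because a legitimate PTA agent logs in on-premise with the user's credentials, a successful cloud PTA sign-in should have a matching successful on-premise logon on a known agent host. The record fields, host names and sample events below are constructed assumptions, not a real Azure AD or Windows export schema.

```python
from datetime import datetime, timedelta

# Constructed sample records; field names are assumptions, not a real schema.
CLOUD_SIGNINS = [
    {"user": "alice@example.com", "time": "2022-09-14T09:00:05", "result": "success", "method": "PTA"},
    {"user": "bob@example.com", "time": "2022-09-14T09:10:00", "result": "success", "method": "PTA"},
    {"user": "carol@example.com", "time": "2022-09-14T09:20:00", "result": "failure", "method": "PTA"},
    {"user": "dave@example.com", "time": "2022-09-14T09:30:00", "result": "success", "method": "PTA"},
]
ONPREM_LOGONS = [
    {"user": "alice@example.com", "time": "2022-09-14T09:00:03", "host": "pta01", "result": "success"},
    {"user": "bob@example.com", "time": "2022-09-14T09:09:58", "host": "pta02", "result": "failure"},
    {"user": "dave@example.com", "time": "2022-09-14T08:00:00", "host": "pta01", "result": "success"},
]
KNOWN_AGENT_HOSTS = {"pta01", "pta02"}  # hypothetical inventory of approved PTA servers


def _ts(value):
    return datetime.fromisoformat(value)


def unbacked_pta_signins(cloud, onprem, agents, window_seconds=30):
    """Return (user, time, reason) for every successful cloud PTA sign-in that
    has no successful on-premise logon on a known agent host within the window."""
    window = timedelta(seconds=window_seconds)
    findings = []
    for c in cloud:
        if c["method"] != "PTA" or c["result"] != "success":
            continue
        # On-premise logons for the same user, on an approved agent, close in time.
        near = [o for o in onprem
                if o["user"].lower() == c["user"].lower()
                and o["host"] in agents
                and abs(_ts(o["time"]) - _ts(c["time"])) <= window]
        if any(o["result"] == "success" for o in near):
            continue  # the cloud success is backed by a real on-premise validation
        reason = "on-prem logon failed" if near else "no on-prem logon seen"
        findings.append((c["user"], c["time"], reason))
    return findings


if __name__ == "__main__":
    for finding in unbacked_pta_signins(CLOUD_SIGNINS, ONPREM_LOGONS, KNOWN_AGENT_HOSTS):
        print(finding)
```

The correlation window has to absorb clock skew between the cloud and on-premise logs; too narrow a window produces false findings, too wide a window hides them.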