It's being called "the bug of the year", a misconfiguration allowed by Microsoft Azure, that opened a. Hillai Ben-Sasson touched on the subject on Twitter, and Jeremy Kirk points to the Wiz blog post BingBang: How a simple developer mistake could have led to takeover in the following tweet.

Security researchers at Wiz describe a new attack vector they identified in Azure Active Directory (AAD) in the document in question. The attack vector is based on a common AAD misconfiguration that leaves misconfigured applications vulnerable to unauthorized access. This also affected the content management system (CMS) that powers. As a result, security researchers were able to hijack 's functions. Subsequently, search results could be changed.

Furthermore, the security researchers suspect that the theft of Office 365 credentials from millions of Bing users was possible. These credentials, in turn, granted access to users' private emails and documents. The security researchers have given the vulnerability the name BigBang (ok, they named it BingBang, but I prefer BigBang).