If you haven't seen the Microsoft OAuth vulnerability yet, you need to check it out. #nOAuth Anyone in the world is able to access your apps AS YOU with MS OAuth if the app is configured to use email as the account identifier. Next tweet contains a video demo:
— C.J. May (@lawndoc) Jun 21, 2023
from Twitter https://twitter.com/lawndoc
June 21, 2023 at 12:47PM
https://twitter.com/lawndoc/status/1671560540290953217
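
As an added example (not from the original post or from Microsoft), the sketch below contrasts an account lookup keyed on the email claim, the configuration the post describes, with one keyed on the issuer and subject claims (`iss`, `sub`), and adds an audit check for emails presented by more than one identity. The `AccountStore` class, issuer URLs, subject values and account id are constructed for illustration, and the claims are assumed to be already signature-verified.

```python
from collections import defaultdict

# Constructed, already signature-verified ID-token claims (not real tokens).
OWNER = {"iss": "https://idp.example/tenant-a", "sub": "sub-owner-001",
         "email": "alice@example.com"}
# Different issuer and subject, same email claim value.
OTHER = {"iss": "https://idp.example/tenant-b", "sub": "sub-other-999",
         "email": "Alice@example.com"}


class AccountStore:
    """Hypothetical application account table with two lookup strategies."""

    def __init__(self):
        self._by_email = {}
        self._by_identity = {}

    def register(self, claims, account_id):
        self._by_email[claims["email"].lower()] = account_id
        self._by_identity[(claims["iss"], claims["sub"])] = account_id

    def resolve_by_email(self, claims):
        # Pattern the post warns about: the email claim is the account key.
        return self._by_email.get(claims.get("email", "").lower())

    def resolve_by_identity(self, claims):
        # Hardened: key on issuer + subject; email is display data only.
        return self._by_identity.get((claims["iss"], claims["sub"]))


def emails_with_multiple_identities(login_claims):
    """Audit check: emails presented by more than one (iss, sub) pair."""
    seen = defaultdict(set)
    for c in login_claims:
        seen[c["email"].lower()].add((c["iss"], c["sub"]))
    return sorted(e for e, ids in seen.items() if len(ids) > 1)


if __name__ == "__main__":
    store = AccountStore()
    store.register(OWNER, "acct-alice")
    print(store.resolve_by_email(OTHER))      # email match despite other issuer
    print(store.resolve_by_identity(OTHER))   # no match for unknown identity
    print(emails_with_multiple_identities([OWNER, OTHER]))
```

Running the audit function over historical login claims shows whether any existing account has already been reached through more than one identity before the lookup key is migrated.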