A recent security investigation by Semperis has uncovered a critical vulnerability in Microsoft Entra ID (formerly Azure Active Directory) integrations, which can lead to complete account takeover in certain Software-as-a-Service (SaaS) applications.
The flaw, dubbed “nOAuth abuse,” enables attackers to hijack user accounts across tenant...