BlackDirect - Microsoft Azure Account Takeover

Hi everyone,
There is new research we published lately about a vulnerability we found called “BlackDirect”.
BlackDirect is a vulnerability that allows attackers to take over Microsoft and Azure Accounts.
The vulnerability exists within specific Microsoft-created Azure applications that trust unregistered URLs.
Attackers can take ownership of these URLs, which will allow them to use the victims’ permissions to hijack identity tokens. Once they have the identity tokens, the attacker can impersonate the victims and perform malicious actions on their behalf.
For more technical information, visit our blog post about BlackDirect.

Besides that, we developed a free and automatic scan for everyone to be able to discover similar vulnerable applications in their Azure environment.
The scan is available from the website: https://black.direct/

Very cool! Great blog post - very interesting to see the history of the reported vulnerability and Microsoft’s response.