Hi everyone,
There is new research we publish lately about a vulnerability we found Microsoft’s Azure.
This vulnerability could be used by attackers to take over Azure Accounts by exploiting a misconfiguration bug in Azure Portal’s manifest.
Due to this misconfiguration, the Azure portal sent sensitive access tokens to a non-existing domain. Leaking this sensitive token could let malicious attackers compromise numerous Azure accounts.
For more technical information, visit our blog post: I Know What Azure Did Last Summer