Hackers Abuse Azure AD Abandoned Reply URLs to Escalate Privilege

From gbhackers.com

Recent reports describe a newly discovered privilege escalation vulnerability that arises from abandoned Azure Active Directory reply URLs.

Threat actors can use this flaw to illegitimately obtain authorization codes, which can then be used against the Microsoft Power Platform API to gain access tokens and escalate their privileges.

Microsoft patched these vulnerabilities as soon as they were reported. However, users face certain limitations in mitigating this issue.
