Microsoft has fixed an Azure Active Directory (Azure AD) authentication issue that could have allowed threat actors to escalate their privileges and potentially take full control of a target’s account. The misconfiguration exposed Azure AD OAuth applications that were set up to use the email claim from access tokens for authorization to account takeover and privilege escalation attacks.
To exploit it, an attacker merely needed to change the email address on their own Azure AD admin account to the victim’s email address and then use the “Log in with Microsoft” option for authorization on the vulnerable app or website. If the targeted resource allowed email addresses to be used as unique identifiers during the authorization process, this gave the attacker total control over the target’s account.
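The defensive point is the choice of claim used to match a Microsoft login to a local account. The following is an added example (not code from the article or from Microsoft) that places the risky email-keyed lookup beside a lookup keyed on the tenant and object identifiers Azure AD assigns; the account records and token claims are constructed sample data, and token signature validation is assumed to have already happened.

```python
"""Account lookup keyed on Azure AD token claims: the risky pattern beside the safe one.

Assumes a relying party that stores one record per linked Microsoft login.
Token claims are constructed inline; signature validation is assumed to have
already happened (this only concerns which claims identify the user).
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    username: str
    tenant_id: str   # Azure AD 'tid' claim captured when the login was linked
    object_id: str   # Azure AD 'oid' claim captured when the login was linked
    email: str       # informational only; a tenant admin can change it at will

# Constructed sample data: the victim linked their Microsoft login earlier.
ACCOUNTS = [
    Account("victim", tenant_id="11111111-aaaa-4000-8000-000000000001",
            object_id="22222222-bbbb-4000-8000-000000000002",
            email="victim@example.com"),
]

# Constructed claims from a token issued for a different tenant, whose admin
# set the directory user's email attribute to the victim's address.
ATTACKER_TOKEN_CLAIMS = {
    "tid": "99999999-cccc-4000-8000-000000000009",
    "oid": "88888888-dddd-4000-8000-000000000008",
    "email": "victim@example.com",
}

def lookup_by_email(claims: dict, accounts=ACCOUNTS):
    """Vulnerable: treats the mutable 'email' claim as the account key."""
    return next((a for a in accounts if a.email == claims.get("email")), None)

def lookup_by_tid_oid(claims: dict, accounts=ACCOUNTS):
    """Hardened: keys on the (tid, oid) pair that Azure AD assigns to the user.

    Both claims are required; a token missing either is rejected rather than
    falling back to the email claim.
    """
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid:
        raise ValueError("token lacks tid/oid; refuse to map it to an account")
    return next((a for a in accounts
                 if a.tenant_id == tid and a.object_id == oid), None)

if __name__ == "__main__":
    print("email lookup ->", lookup_by_email(ATTACKER_TOKEN_CLAIMS))      # victim's account
    print("tid/oid lookup ->", lookup_by_tid_oid(ATTACKER_TOKEN_CLAIMS))  # None
```

With the hardened lookup the attacker's token matches no existing record, so the application can only create a fresh account for that (tid, oid) pair instead of handing over the victim's.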