
One Token to rule them all – Obtaining Global Admin in every Entra ID tenant

73 points - yesterday at 11:03 PM

Source
  • userbinator

    today at 1:50 AM

    failed to properly validate the originating tenant

    One wonders whether those who designed all this ever considered what that field in the token is for.

    The word "tenant" is also very telling --- you're just renting, and the "landlord" always has the keys.

    • malnourish

      today at 3:20 AM

      I imagine this paid out quite the bounty; exploited, it's hard to think of a more damning security flaw.

      • pcj-github

        today at 2:59 AM

        Absolutely insane. Security so weak, it seems like you discovered an intentional backdoor.

        • cr125rider

          today at 1:32 AM

          Wow, the keys to all the enterprise castles! That's wild!

          • rootsudo

            today at 2:00 AM

            Oh man, I was close with this a few times as I ran PowerShell in different ISE windows and sometimes copied/pasted things over for different tenants, darn - it really seemed so obvious of an exploit!

            • jwpapi

              today at 1:19 AM

              Was there a bounty?