{"author_url":"https://blog.hatena.ne.jp/security-lab/","url":"https://vul.hatenadiary.com/entry/2023/06/20/000000_2","image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/s/security-lab/20230703/20230703155752.png","description":"\u3010\u8a33\u3011\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u4e57\u3063\u53d6\u308a\u3092\u53ef\u80fd\u306b\u3059\u308bAzure AD\u8a8d\u8a3c\u306e\u6b20\u9665\u3092\u4fee\u6b63 \u3010\u56f3\u8868\u3011 nOAuth\u653b\u6483\u306e\u6d41\u308c\uff08Descope\uff09 \u51fa\u5178: https://www.bleepingcomputer.com/news/security/microsoft-fixes-azure-ad-auth-flaw-enabling-account-takeover/ \u3010\u30cb\u30e5\u30fc\u30b9\u3011 \u25c6Microsoft fixes Azure AD auth flaw enabling account takeover (BleepingComputer, 2023/06/20 12:38) [\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u3001\u30a2\u30ab\u30a6\u2026","published":"2023-06-20 00:00:00","width":"100%","author_name":"security-lab","categories":["Azure AD","\u8106\u5f31\u6027: nOAuth","\u30d9\u30f3\u30c0\u30fc: Microsoft"],"blog_url":"https://vul.hatenadiary.com/","provider_url":"https://hatena.blog","blog_title":"TT \u8106\u5f31\u6027 Blog","type":"rich","version":"1.0","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fvul.hatenadiary.com%2Fentry%2F2023%2F06%2F20%2F000000_2\" title=\"Microsoft fixes Azure AD auth flaw enabling account takeover - TT \u8106\u5f31\u6027 Blog\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","height":"190","title":"Microsoft fixes Azure AD auth flaw enabling account takeover","provider_name":"Hatena Blog"}