Critical Bypass of Azure AD Conditional Access Discovered

Severity: High (Score: 68.0)

Sources: Gbhackers, Cybersecuritynews

Summary

An authorized red team operation by Howler Cell has revealed a method to bypass Microsoft Entra ID (formerly Azure AD) Conditional Access. This feature is central to cloud identity management: it enforces access policies based on signals such as user location, device compliance, and risk scores. The attack combines phantom device registration with abuse of the Primary Refresh Token (PRT), allowing unauthorized access to systems that rely on these policies. The full scope of affected organizations is currently unknown, but the implications for cloud security are significant. Microsoft has not yet released a patch or mitigation strategy for this vulnerability. Security teams are advised to review their Conditional Access configurations and monitor for suspicious activity. The attack highlights the need for stronger security measures in cloud identity systems.

Key Points

  • Howler Cell's red team engagement demonstrated a bypass of Azure AD Conditional Access.
  • The attack method involves phantom device registration and PRT abuse.
  • No patch or mitigation strategy has been released by Microsoft as of now.

Key Entities

  • Howler Cell (apt_group)
  • Azure (company)