One Token to rule them all – Obtaining Global Admin in every Entra ID tenant dirkjanm.io 60 points by colinprince 4 hours ago
pcj-github a few seconds ago Absolutely insane. Security so weak, it seems like you discovered an intentional backdoor.
userbinator an hour ago
failed to properly validate the originating tenant
One wonders whether those who designed all this ever considered what that field in the token is for.
The word "tenant" is also very telling --- you're just renting, and the "landlord" always has the keys.
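The check userbinator alludes to, as an added example that is not part of this thread or of the linked article: a resource that accepts Entra ID tokens must verify not only the signature but that the token's tenant claims (`tid`, and the tenant id embedded in the `iss` URL) match the tenant the resource actually serves. A cryptographically valid token minted for another tenant is otherwise indistinguishable from a local one. The tenant ids, audience, user and signing key below are constructed; the demo signs with HS256 so it runs offline, whereas real Entra ID tokens are RS256-signed against Microsoft's published keys.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key. Real Entra ID tokens are RS256-signed by Microsoft;
# HS256 with a shared key is used here only so the example runs offline.
DEMO_KEY = b"constructed-demo-signing-key"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Build a compact JWS (header.payload.signature) for the demo."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_token(token: str, expected_tenant: str, expected_audience: str,
                   key: bytes = DEMO_KEY, now: Optional[float] = None) -> dict:
    """Verify the signature, then require the token to belong to our tenant."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header's choice
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("aud") != expected_audience:
        raise ValueError("audience mismatch")
    # The originating-tenant check: a valid signature alone is not enough.
    # Both the tid claim and the tenant id inside the v2.0 issuer URL must match.
    if claims.get("tid") != expected_tenant:
        raise ValueError(f"tenant mismatch: token tid={claims.get('tid')!r}")
    if claims.get("iss") != f"https://login.microsoftonline.com/{expected_tenant}/v2.0":
        raise ValueError("issuer tenant mismatch")
    return claims


def demo() -> dict:
    """Accept a token from our own tenant; reject an equally well-signed one from another."""
    tenant_a = "11111111-1111-1111-1111-111111111111"  # constructed: the tenant we serve
    tenant_b = "22222222-2222-2222-2222-222222222222"  # constructed: some other tenant
    aud = "api://constructed-resource"
    now = 1_700_000_000

    def claims_for(tid: str) -> dict:
        return {"iss": f"https://login.microsoftonline.com/{tid}/v2.0", "tid": tid,
                "aud": aud, "sub": "constructed-user", "exp": now + 3600}

    results = {}
    results["same_tenant"] = validate_token(mint_token(claims_for(tenant_a)), tenant_a, aud, now=now)["tid"]
    try:
        validate_token(mint_token(claims_for(tenant_b)), tenant_a, aud, now=now)
        results["foreign_tenant"] = "accepted"
    except ValueError as exc:
        results["foreign_tenant"] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The foreign token in `demo()` carries a correct signature, an unexpired `exp` and the right audience; only the `tid`/`iss` comparison stops it, which is exactly the check the article describes as missing.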
rootsudo an hour ago Oh man, I was close with this a few times as I ran PowerShell in different ISE windows and sometimes copied/pasted things over for different tenants, darn - it really seemed so obvious of an exploit!
Wow the keys to all the enterprise castles! That’s wild!
Was there a bounty?