BlackDirect: a vulnerability in Microsoft OAuth 2.0 may allow attackers to take over Microsoft and Azure Accounts

Security researcher Omer Tsarfati from CyberArk has discovered [1] a vulnerability in Microsoft’s OAuth implementation that may allow an attacker to create authentication tokens with the victim’s permissions. This could let a malicious attacker access and …