nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications www.semperis.com/blog/noau…
The nOAuth vulnerability exposes a critical authentication flaw in vulnerable software-as-a-service (SaaS) applications. With only access to an Entra tenant—a low barrier—and the target user’s email address, an attacker can take over that user’s account in the vulnerable application. From there, the attacker can access all the data that the target has access to within that application.
This article details the Semperis Security Research Team’s exploration of nOAuth, focused on applications in the Microsoft Entra App Gallery. We discovered nine vulnerable applications, including those that might hold personally identifiable information (PII).
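The root cause behind nOAuth, as publicly disclosed, is that an application keys its user lookup on the `email` claim of an Entra ID token, a claim Entra does not verify and that an admin of any tenant can set to an arbitrary address. The example below is added here and is not code from the Semperis post; it contrasts that lookup with one keyed on the immutable `tid` and `oid` claims, plus a check an application can log on. The user records and claim sets are constructed, and the token is assumed to have already passed signature, issuer and audience validation.

```python
"""Account linking for Entra ID tokens: the nOAuth-prone lookup and a safer one.

Constructed example. Claims are treated as the payload of a token whose
signature, issuer and audience were already validated upstream.
"""
from typing import Optional

# Constructed local user store for a SaaS app. Each record keeps the stable
# Entra identifiers (tenant id + object id) captured when the account was linked.
USERS = [
    {"user_id": 1, "email": "alice@victim.example", "tid": "tenant-victim", "oid": "oid-alice"},
    {"user_id": 2, "email": "bob@victim.example", "tid": "tenant-victim", "oid": "oid-bob"},
]


def resolve_user_by_email(claims: dict) -> Optional[dict]:
    """Vulnerable pattern: the email claim is unverified and attacker-controlled
    across tenants, so matching on it alone links foreign identities to local accounts."""
    email = claims.get("email", "").lower()
    return next((u for u in USERS if u["email"] == email), None)


def resolve_user_by_stable_id(claims: dict) -> Optional[dict]:
    """Safer pattern: match on tenant id and object id, which name exactly one
    account in one tenant and are not chosen by the token's subject."""
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid:
        return None
    return next((u for u in USERS if u["tid"] == tid and u["oid"] == oid), None)


def identifier_mismatch(claims: dict) -> bool:
    """Detection hook: True when the email claim matches a local account but the
    stable identifiers do not. Worth alerting on even after the lookup is fixed."""
    by_email = resolve_user_by_email(claims)
    by_id = resolve_user_by_stable_id(claims)
    return by_email is not None and by_email is not by_id


# Constructed claim sets. The second is issued by an unrelated tenant whose
# admin set the user's email attribute to the victim's address.
LEGIT_CLAIMS = {"tid": "tenant-victim", "oid": "oid-alice", "email": "alice@victim.example"}
CROSS_TENANT_CLAIMS = {"tid": "tenant-other", "oid": "oid-stranger", "email": "alice@victim.example"}

if __name__ == "__main__":
    print(resolve_user_by_email(CROSS_TENANT_CLAIMS))      # alice's record: account takeover
    print(resolve_user_by_stable_id(CROSS_TENANT_CLAIMS))  # None: no link is made
    print(identifier_mismatch(CROSS_TENANT_CLAIMS))        # True: log and investigate
```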