WRITEUP #1551

Technical Advisory – Azure B2C – Crypto Misuse and Account Compromise

Auth Bypass, Cryptographic issues, JWT, Account takeover, Authentication bypass
by John Novak
Program: Microsoft (Azure)
Published: Feb 15, 2023
Added to HackDex: Feb 22, 2023
Read Full Writeup: https://www.praetorian.com/blog/azure-b2c-crypto-misuse-and-account-compromise/
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass, 2FA / MFA bypass
Forced SSO Session Fixation
Auth Bypass, SSO
Account takeover on 8 years old public program
Auth Bypass, Account takeover
Breaking the Barrier: Admin Panel Takeover Worth $3500
Auth Bypass, Authentication bypass