Microsoft acknowledges Azure cloud vulnerability that lets hackers log in to third-party sites with other people's accounts
Published: 2024-12-30
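IT Home, June 22: Microsoft has acknowledged an Open Authorization (OAuth) vulnerability in its Azure cloud service that hackers can exploit to log in to third-party websites using someone else's Azure account.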
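Researchers at the security software company Descope named the vulnerability "nOAuth". It resides in Active Directory in the Azure cloud service. A hacker only needs to create an Azure account with administrator privileges, change that account's e-mail address to someone else's e-mail address, and then use "Sign in with Microsoft" to log in to third-party websites as the other person's Azure account.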
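Descope chief security officer Imer Cohen said that a flaw in how Microsoft designed "authentication" led to the Azure "nOAuth" vulnerability, and that the vulnerability may affect a considerable share of Azure users.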
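IT Home notes that Microsoft has now acknowledged the vulnerability and issued a warning, reminding users not to disclose their e-mail information and telling third-party developers that they should not embed tokens in the client.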
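The account takeover described above depends on a third-party site matching the signed-in user to a local account by the e-mail address in the token. The following is an added example, not code from the article, Descope or Microsoft: it contrasts that weak lookup with one keyed on the standard OpenID Connect `iss` and `sub` claims and adds a mismatch check for logging. All account data, issuer URLs and function names are constructed, the choice of `iss` plus `sub` as the key is an assumption not stated in the article, and token signature validation is assumed to have happened already.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name: str
    email: str
    issuer: str   # "iss" claim stored when the account was first linked
    subject: str  # "sub" claim stored at the same time


# Constructed sample data: one existing local account.
ACCOUNTS = [
    Account("alice", "alice@example.com", "https://idp.example/tenant-a", "sub-alice-001"),
]

# Constructed claims from two already signature-validated ID tokens.
LEGIT = {"iss": "https://idp.example/tenant-a", "sub": "sub-alice-001",
         "email": "alice@example.com"}
# A different tenant whose administrator set the e-mail field to Alice's address.
FORGED = {"iss": "https://idp.example/tenant-b", "sub": "sub-other-777",
          "email": "alice@example.com"}


def lookup_by_email(claims):
    """Weak: trusts an e-mail claim that the tenant administrator can edit."""
    email = (claims.get("email") or "").lower()
    if not email:
        return None
    return next((a for a in ACCOUNTS if a.email == email), None)


def lookup_by_issuer_subject(claims):
    """Hardened: match only on the issuer and its immutable subject identifier."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if not iss or not sub:
        return None
    return next((a for a in ACCOUNTS if (a.issuer, a.subject) == (iss, sub)), None)


def email_claim_mismatch(claims):
    """Detection: e-mail matches a local account that iss/sub does not own."""
    by_email = lookup_by_email(claims)
    return by_email is not None and by_email != lookup_by_issuer_subject(claims)


if __name__ == "__main__":
    for label, claims in (("legit", LEGIT), ("forged", FORGED)):
        print(label, lookup_by_email(claims), lookup_by_issuer_subject(claims),
              email_claim_mismatch(claims))
```

A site that already stores only e-mail addresses can run `email_claim_mismatch` in logging-only mode first to find logins that would be rejected once it switches to the issuer and subject key.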