
Hackers Abuse Fake OAuth Client IDs to Validate Microsoft Entra Accounts and Passwords
Threat actors are spoofing OAuth application client IDs in Microsoft Entra ID authentication requests to identify valid accounts and credentials without producing a successful sign-in event, according to Proofpoint. The technique targets Microsoft’s OAuth 2.0 token endpoint via the Resource Owner Password Credentials (ROPC) flow. Attackers submit a username, password, and a chosen client_id value […]
The post Hackers Abuse Fake OAuth Client IDs to Validate Microsoft Entra Accounts and Passwords appeared first on Cyber Security News.