Microsoft Fixes a Flaw with Third-Party Authentication
Cyware | December 03, 2019
OAuth is a standard protocol that allows users to share data with other applications without having to enter their credentials every time. This particular flaw was in the way the Microsoft applications used OAuth to authenticate third-party applications. The OAuth 2.0 flow in Microsoft applications allowed the applications to trust domains and sub-domains that are not registered by Microsoft. Three applications—Portfolios, Office 365 Secure Score, and Microsoft Trust Service— were found to be trusting the unregistered domains and sub-domains.