
Sign up to save your podcasts
Or


This week, we are joined by Eric Woodruff, Chief Identity Architect at Semperis, discussing "nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications". Semperis researchers identified a critical authentication flaw known as nOAuth in 9 out of 104 tested SaaS applications integrated with Microsoft Entra ID.
This low-complexity but severe vulnerability allows attackers with just a user’s email address and access to an Entra tenant to impersonate users, exfiltrate data, and move laterally within affected apps—with no viable defense or detection available to customers. The findings spotlight ongoing risks tied to improper use of email claims in authentication and emphasize the urgent need for SaaS vendors to adopt secure OpenID Connect practices and remediate vulnerable applications.
Complete our annual audience survey before August 31.
The research can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices
By N2K Networks4.8
10061,006 ratings
This week, we are joined by Eric Woodruff, Chief Identity Architect at Semperis, discussing "nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications". Semperis researchers identified a critical authentication flaw known as nOAuth in 9 out of 104 tested SaaS applications integrated with Microsoft Entra ID.
This low-complexity but severe vulnerability allows attackers with just a user’s email address and access to an Entra tenant to impersonate users, exfiltrate data, and move laterally within affected apps—with no viable defense or detection available to customers. The findings spotlight ongoing risks tied to improper use of email claims in authentication and emphasize the urgent need for SaaS vendors to adopt secure OpenID Connect practices and remediate vulnerable applications.
Complete our annual audience survey before August 31.
The research can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices

188 Listeners

2,009 Listeners

1,657 Listeners

369 Listeners

375 Listeners

1,534 Listeners

648 Listeners

317 Listeners

421 Listeners

8,051 Listeners

178 Listeners

313 Listeners

192 Listeners

73 Listeners

136 Listeners