Hackers Spoof 3.7 Million OAuth Client IDs to Stealthily Enumerate 2 Million Entra ID Users

Threat actors are increasingly exploiting spoofed OAuth client IDs to enumerate Microsoft Entra ID accounts and identify potentially valid credentials while evading traditional detection methods, according to recent research from Proofpoint. OAuth client IDs are globally unique identifiers assigned to registered applications. During authentication, an application submits its identifier through the client_id parameter. Microsoft Entra […]

The post Hackers Spoof 3.7 Million OAuth Client IDs to Stealthily Enumerate 2 Million Entra ID Users appeared first on Cyber Security News.

This article has been indexed from Cyber Security News

Read the original article: