Undetected by SaaS vendors Semperis has found that two years after the discovery of nOAuth, many SaaS applications were still vulnerable to the flaw. The company estimated that these vulnerable apps ...

nOAuth was first disclosed in 2023 by Omer Cohen of Descope, highlighting a flaw in how some SaaS applications implement OpenID Connect. Semperis’ follow-up research focused on Entra-integrated ...

Microsoft this week addressed findings by security researchers at Descope, who reported a 'nOAuth' attack route that's present in some applications leveraging the Azure Active Directory service.

GUEST RESEARCH: nOAuth continues to go undetected by SaaS vendors, who may not even know what to look for and it is nearly impossible for enterprise customers to defend against, allowing attackers ...

This Week In Security: NOAuth, MiniDLNA, And Ticket To Ride 4 Comments by: Jonathan Bennett June 23, 2023 ...

“nOAuth abuse is a serious threat that many organisations may be exposed to,” continued Woodruff. “It’s low effort, leaves almost no trace and bypasses end‑user protections.

The vulnerability, named “nOAuth” by Descope, a renowned security software company, is present within Azure’s Active Directory, allowing hackers to exploit it and gain access to third-party ...

This misconfiguration (named nOAuth by the Descope security team who discovered it) could be abused in account and privilege escalation attacks against Azure AD OAuth applications configured to ...