mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
3.1 KiB
3.1 KiB
CVE-2019-1172
&color=blue)
&color=blue)
&color=blue)
&color=blue)
&color=blue)
Description
An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account.To exploit the vulnerability, an attacker would have to trick a user into browsing to a specially crafted website, allowing the attacker to steal the user's token.The security update addresses the vulnerability by correcting how MSA handles cookies.
POC
Reference
No PoCs from references.