Microsoft nOAuth Flaw Still Exposes SaaS Apps Two Years After Discovery
Two years after its initial discovery, a critical vulnerability in Microsoft's Entra ID, known as nOAuth, continues to expose thousands of SaaS applications to potential account takeovers. New research from Semperis reveals the flaw, which bypasses standard defenses, remains a severe and active threat.