Microsoft Entra ID vulnerability allows full account takeover – and takes barely any effort


  • 10% of the 150,000+ SaaS apps on offer could be affected by Entra ID vulnerability
  • It was first disclosed in 2023, but many apps still remain affected
  • App vendors need to issue patches or you risk account takeover

Semperis has released new research uncovering a severe flaw in Microsoft's Entra ID, called nOAuth, and its effects could span 10% of SaaS applications globally.

The vulnerability involves a cross-tenant authentication flaw affecting Entra ID integrations – attackers could execute full account takeover with just access to an Entra tenant and the victim's email.

The report explains that the attack is low-complexity and low-effort, and that it bypasses multi-factor authentication (MFA), conditional access policies and zero-trust architectures – all controls typically found in organizations with strong cybersecurity postures.

Entra ID vulnerability could have broad effects

Additionally, attackers can get away without leaving much trace, and the Entra ID vulnerability cannot be defended against without vendor-side fixes.

Given that there are an estimated 150,000 SaaS apps in use globally, Semperis suggests more than 15,000 SaaS applications could be affected.

Once an attacker gains access to one of the apps at risk, they can impersonate the victim, gain access to personally identifiable information or exfiltrate data.

Currently, there is no effective way to detect the attack, and prevention depends entirely on the right fixes from software vendors. Alarmingly, it was first disclosed in 2023, but Semperis' 2025 research shows that it still affects many apps.

Semperis' Chief Identity Architect, Eric Woodruff, commented: "customers are left with no way to detect or stop the attack, making this an especially dangerous and persistent threat."

As such, SaaS vendors are being urged to audit and patch affected apps as quickly as possible. The Microsoft Security Response Center has also advised vendors to follow its guidelines or risk being removed from the Entra gallery.
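The vendor-side fix comes down to which token claim an app uses to map a sign-in to an account. The following is an added illustration, not code from Semperis, Microsoft or the article, using Entra ID's standard `tid`, `oid` and `email` claim names; the accounts table and claim values are constructed sample data.

```python
# Added example: how a SaaS app's account lookup decides whether a token issued
# by a tenant the app has never seen can land in an existing user's account.
# Entra ID does not verify, across tenants, that a tenant owns the addresses it
# places in the 'email' claim; the (tid, oid) pair, by contrast, is immutable and
# bound to the issuing tenant.

# Constructed accounts table for the app (one user, recorded both ways).
ACCOUNTS = [
    {"id": 1, "email": "alice@example-corp.com",
     "tid": "11111111-aaaa-4aaa-8aaa-111111111111",   # home tenant id (constructed)
     "oid": "22222222-bbbb-4bbb-8bbb-222222222222"},  # user object id (constructed)
]

def find_account_by_email(claims):
    """Vulnerable pattern: the mutable, unverified 'email' claim is the identity."""
    email = claims.get("email", "").lower()
    return next((a for a in ACCOUNTS if a["email"].lower() == email), None)

def find_account_by_tid_oid(claims):
    """Hardened pattern: identity is the (tid, oid) pair issued by Entra ID."""
    key = (claims.get("tid"), claims.get("oid"))
    if None in key:
        return None          # refuse tokens that lack either identifier
    return next((a for a in ACCOUNTS if (a["tid"], a["oid"]) == key), None)

# Constructed claims from a foreign tenant whose 'email' claim carries the
# victim's address (the cross-tenant condition the article describes).
FOREIGN_TENANT_CLAIMS = {
    "tid": "99999999-ffff-4fff-8fff-999999999999",
    "oid": "88888888-eeee-4eee-8eee-888888888888",
    "email": "alice@example-corp.com",
}

# Constructed claims for the genuine user signing in from her own tenant.
HOME_TENANT_CLAIMS = {
    "tid": "11111111-aaaa-4aaa-8aaa-111111111111",
    "oid": "22222222-bbbb-4bbb-8bbb-222222222222",
    "email": "alice@example-corp.com",
}

if __name__ == "__main__":
    # Email lookup maps the foreign-tenant token onto Alice's account; the
    # (tid, oid) lookup does not, while still matching her real sign-in.
    print(find_account_by_email(FOREIGN_TENANT_CLAIMS))
    print(find_account_by_tid_oid(FOREIGN_TENANT_CLAIMS))
    print(find_account_by_tid_oid(HOME_TENANT_CLAIMS))
```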

"We’ve confirmed exploitation is still possible in many SaaS apps, which makes this an urgent call to action. We encourage developers to implement the necessary fixes and help protect their customers before this flaw is exploited further," Woodruff added.


With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
