Summary
In early 2023, Secureworks discovered an Azure AD application related to Microsoft Power Platform with an abandoned reply URL address. An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens. The threat actor could then call the Power Platform API via a middle-tier service and obtain elevated privileges.
References
https://www.secureworks.com/research/power-platform-privilege-escalation
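The root cause described above is a reply (redirect) URL left registered on an app after the host behind it was given up. The following is an added defender-side check, not code from Secureworks or Microsoft: it walks app registrations in the shape returned by the Microsoft Graph `applications` resource (`web.redirectUris`, `spa.redirectUris`, an assumption about the input format) and flags reply URLs whose host no longer resolves in DNS or that are not https. The sample registrations are constructed; the DNS resolver is injected so the check can be exercised offline.

```python
"""Flag Azure AD app registrations with reply URLs that look abandoned.

Added example (not from the original page, Secureworks or Microsoft).
Assumptions: input records follow the Microsoft Graph `applications`
shape (web.redirectUris / spa.redirectUris); "abandoned" is approximated
by the URL's host failing DNS resolution. Loopback hosts are exempt from
the https requirement because Azure AD permits http on localhost.
"""
import socket
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

# Constructed sample resembling Graph /applications output (not real tenants).
SAMPLE_APPS = [
    {
        "displayName": "Billing Portal",
        "appId": "00000000-0000-0000-0000-000000000001",
        "web": {"redirectUris": ["https://billing.example.com/auth/callback"]},
        "spa": {"redirectUris": []},
    },
    {
        "displayName": "Legacy Reporting",
        "appId": "00000000-0000-0000-0000-000000000002",
        "web": {"redirectUris": [
            "https://reports-old.example.com/signin-oidc",  # host no longer exists
            "http://localhost:5000/callback",               # loopback dev URL, allowed
        ]},
        "spa": {"redirectUris": ["https://app.example.com/"]},
    },
]


def host_resolves(host):
    """Default resolver: True if the system resolver returns any address."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def reply_urls(app):
    """Collect every configured reply URL (web + SPA) for one registration."""
    urls = list(app.get("web", {}).get("redirectUris", []))
    urls += app.get("spa", {}).get("redirectUris", [])
    return urls


def find_risky_reply_urls(apps, resolves=host_resolves):
    """Return findings for reply URLs that are non-https or whose host is gone.

    `resolves` is a callable host -> bool; inject a fake to run offline.
    """
    findings = []
    for app in apps:
        for url in reply_urls(app):
            parts = urlsplit(url)
            host = parts.hostname or ""
            reasons = []
            if parts.scheme != "https" and host not in LOOPBACK_HOSTS:
                reasons.append("non-https scheme")
            if host and host not in LOOPBACK_HOSTS and not resolves(host):
                reasons.append("host does not resolve (possible abandoned domain)")
            if reasons:
                findings.append({
                    "appId": app["appId"],
                    "displayName": app["displayName"],
                    "url": url,
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    # Stand-alone run uses the real resolver; results depend on DNS.
    for f in find_risky_reply_urls(SAMPLE_APPS):
        print(f"{f['displayName']} ({f['appId']}): {f['url']} -> {', '.join(f['reasons'])}")
```

A finding for a host that no longer resolves is the condition to act on: remove the reply URL from the registration, or reclaim the hostname, before anyone else can register it. Running the check periodically across all app registrations turns a one-off review into a detection.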