Critical Azure SSO Token Flaw in Windows Admin Center Enables Tenant-Wide Takeover
Introduction A high-severity security flaw in Windows Admin Center’s Azure Single Sign-On implementation has revealed how weaknesses in identity token validation can undermine isolation across entire Azure tenants. The vulnerability allows attackers to pivot from a single compromised virtual machine into broader Azure environments, bypassing expected trust boundaries. Background and Discovery The issue was uncovered […]