IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v15y2023i7p226-d1177589.html
   My bibliography  Save this article

Exploiting Misconfiguration Vulnerabilities in Microsoft’s Azure Active Directory for Privilege Escalation Attacks

Author

Listed:
  • Ibrahim Bu Haimed

    (School of Computing Science, University of Newcastle, Newcastle upon Tyne NE1 7RU, UK)

  • Marwan Albahar

    (Department of Computer Science, Umm Al Qura University, P.O. Box 715, Mecca 24382, Saudi Arabia)

  • Ali Alzubaidi

    (Department of Computer Science, Umm Al Qura University, P.O. Box 715, Mecca 24382, Saudi Arabia)

Abstract

Cloud services provided by Microsoft are growing rapidly in number and importance. Azure Active Directory (AAD) is becoming more important due to its role in facilitating identity management for cloud-based services. However, several risks and security issues have been associated with cloud systems due to vulnerabilities associated with identity management systems. In particular, misconfigurations could severely impact the security of cloud-based systems. Accordingly, this study identifies and experimentally evaluates exploitable misconfiguration vulnerabilities in Azure AD which can eventually lead to the risk of privilege escalation attacks. The study focuses on two scenarios: dynamic group settings and the activation of the Managed Identity feature on virtual devices. Through experimental evaluation, the research demonstrates the successful execution of these attacks, resulting in unauthorized access to sensitive information. Finally, we suggest several approaches to prevent such attacks by isolating sensitive systems to minimize the possibility of damage resulting from a misconfiguration accident and highlight the need for further studies.

Suggested Citation

  • Ibrahim Bu Haimed & Marwan Albahar & Ali Alzubaidi, 2023. "Exploiting Misconfiguration Vulnerabilities in Microsoft’s Azure Active Directory for Privilege Escalation Attacks," Future Internet, MDPI, vol. 15(7), pages 1-18, June.
    • Handle: RePEc:gam:jftint:v:15:y:2023:i:7:p:226-:d:1177589
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/15/7/226/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/15/7/226/
    Download Restriction: no
    ---><---

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:15:y:2023:i:7:p:226-:d:1177589. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.