Security researchers are urging Azure Active Directory (AD) users to monitor for abandoned reply URLs after revealing a critical vulnerability in the Microsoft Power Platform.
Secureworks said it discovered the reply URL takeover bug earlier in April and it was fixed by Microsoft within 24 hours.
More specifically, the researchers had found an abandoned reply URL in an Azure AD application related to the low-code Power Platform.
Attackers could use the URL to redirect authorization codes to themselves, exchanging these for access tokens. The threat actor could then call the Power Platform API via a middle-tier service and obtain elevated privileges, Secureworks said.
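To act on the advice to monitor for abandoned reply URLs, here is an added example (not code from Secureworks or Microsoft) that a tenant administrator could run over their own app registrations: it walks Microsoft Graph-style application objects, extracts every registered redirect URI, and reports hosts that no longer resolve or that use plain http. The sample application list, names and hosts are constructed, and the `host_resolves` default is a hypothetical helper that can be swapped for an allow-list when running offline.

```python
import json
import socket
from typing import Callable, Iterable
from urllib.parse import urlparse

# Constructed sample shaped like Microsoft Graph "application" objects
# (as returned by `az ad app list`); app names and hosts are hypothetical.
SAMPLE_APPS = json.loads("""[
  {"displayName": "payroll-portal",
   "web": {"redirectUris": ["https://payroll.contoso.example/auth/callback"]}},
  {"displayName": "legacy-lowcode-connector",
   "web": {"redirectUris": ["https://old-connector.azurewebsites.example/signin-oidc",
                            "http://localhost:5000/callback"]},
   "spa": {"redirectUris": ["https://spa.contoso.example/"]}}
]""")

def iter_reply_urls(app: dict) -> Iterable[str]:
    """Yield every redirect URI registered on an application object."""
    for section in ("web", "spa", "publicClient"):
        yield from (app.get(section) or {}).get("redirectUris", [])

def host_resolves(host: str) -> bool:
    """Default check (hypothetical helper): does DNS still return an address?"""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def find_risky_reply_urls(apps, resolves: Callable[[str], bool] = host_resolves):
    """Return (app, uri, reason) for reply URLs that need review: hosts that no
    longer resolve (abandoned, so a stranger could register them and receive
    authorization codes) and plain-http URLs to non-loopback hosts."""
    findings = []
    for app in apps:
        for uri in iter_reply_urls(app):
            parsed = urlparse(uri)
            host = parsed.hostname or ""
            if parsed.scheme not in ("http", "https") or host in ("localhost", "127.0.0.1", "::1"):
                continue  # custom-scheme and loopback redirects have no host to take over
            if parsed.scheme != "https":
                findings.append((app["displayName"], uri, "non-https reply URL"))
            if not resolves(host):
                findings.append((app["displayName"], uri, "host does not resolve"))
    return findings

if __name__ == "__main__":
    for name, uri, reason in find_risky_reply_urls(SAMPLE_APPS):
        print(f"{name}: {uri} -> {reason}")
```

Any URL flagged as unresolvable should either be removed from the registration or have its host re-registered under your control before an outsider can claim it.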