Researchers have found a way to manipulate the credential validation process in Microsoft Entra ID identity environments that they say attackers can use to bypass authentication in hybrid identity infrastructures.
The attack would require an adversary to have admin access on a server hosting a Pass-Through Authentication (PTA) agent, a component that allows users to sign in to cloud services using on-premises Microsoft Entra ID (formerly Azure Active Directory) credentials. They can then use that access to log in as an Entra ID user across different on-premises domains without the need for separate authentication, researchers from Cymulate said in a report this week.
https://www.darkreading.com/application-security/unfixed-microsoft-entra-id-authentication-bypass-threatens-hybrid-clouds