- 10% of the 150,000+ SaaS apps on offer could be affected by Entra ID vulnerability
- It was first disclosed in 2023, but many apps still remain affected
- App vendors need to issue patches or you risk account takeover
Semperis has released new research uncovering a severe flaw in Microsoft’s Entra ID, called nOAuth, and its effects could span 10% of SaaS applications globally.
The vulnerability involves a cross-tenant authentication flaw affecting Entra ID integrations – attackers could execute full account takeover with just access to an Entra tenant and the victim’s email.
The report explains that the attack is a low-complexity, low-effort one that bypasses even multi-factor authentication (MFA), conditional access policies and zero-trust security architecture – all things that are generally characteristics of companies with strong cybersecurity postures.
Entra ID vulnerability could have broad effects
Additionally, attackers can get away without leaving much trace, and the Entra ID vulnerability cannot be defended against without vendor-side fixes.
Given that there are an estimated 150,000 SaaS apps in use globally, Semperis suggests more than 15,000 SaaS applications could be affected.
Once an attacker gains access to one of the apps at risk, they can impersonate the victim, gain access to personally identifiable information or exfiltrate data.
Currently, there is no effective way to detect the attack, and prevention is also proving to be troubling without the right fixes from software vendors. Alarmingly, it was first disclosed in 2023, but Semperis’ 2025 research shows that it still affects many apps.
Semperis’ Chief Identity Architect, Eric Woodruff, commented: “customers are left with no way to detect or stop the attack, making this an especially dangerous and persistent threat.”
As such, SaaS vendors are being urged to audit and patch affected apps as quickly as possible. The Microsoft Security Response Center has also advised vendors to follow its guidelines or risk being removed from the Entra gallery.
“We’ve confirmed exploitation is still possible in many SaaS apps, which makes this an urgent call to action. We encourage developers to implement the necessary fixes and help protect their customers before this flaw is exploited further,” Woodruff added.
Leave a comment