Evil Entra ID - Turning MSA into a phishing platform

A vulnerability in Entra ID Connect allows attackers to phish credentials of users directly from the Microsoft login page.

04/12/2025 : MSRC Disclosure

04/02/2025 : 2 months without news from Microsoft.

Full disclosure is planned on 04/03/2025 (3 months from MSRC disclosure) unless MSRC decides otherwise.

https://www.youtube.com/embed/S411UyTaXycwww.youtube.com