🐑
MrSheepSheep's curiosities
  • Posts
    • Exploiting the Docker daemon from an XSS perspective
    • Storm-1811's Quick-Assist phishing could have been worse
    • Scrapping codesandbox.io for Discord bot tokens
    • Exploiting Azure Data Factory to reach on-premise assets
    • Evil Entra ID - Turning MSA into a phishing platform
Powered by GitBook
On this page
  1. Posts

Evil Entra ID - Turning MSA into a phishing platform

A vulnerability in Entra ID Connect allows attackers to phish credentials of users directly from the Microsoft login page.

Last updated 2 days ago

04/12/2025 : MSRC Disclosure

04/02/2025 : 2 months without news from Microsoft.

Full disclosure is planned on 04/03/2025 (3 months from MSRC disclosure) unless MSRC decides otherwise.

Page cover image