Tag: device code authentication
1 article

Phishers Exploit Microsoft Device Code Flow to Hijack M365 Accounts
Cyber attackers have cleverly exploited Microsoft's device code login flow to hijack M365 accounts, using a sneaky collaboration-style lure to trick users into handing over session tokens without even needing to steal passwords. This clever tactic abuses the OAuth 2.0 Device Authorization Grant, designed for constrained devices, to bypass security measures like multifactor authentication.