
H3-2024-0038

Microsoft Entra (AzureAD) - Entra Group Takeover

Category SECURITY_MISCONFIGURATION
Base Score 5.9

Description

Microsoft Entra uses role-based access control (RBAC) to manage permissions within a tenant. Some directory roles, such as Hybrid Identity Administrator, allow a user to assign themselves as the owner of a group. Once a user owns a group, they can modify the group's role assignments and its membership.

Impact

If an attacker is able to take ownership of an Entra group that has high-value administrator roles assigned to it, they can escalate an otherwise unprivileged user by adding that user to the group.
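As an added audit example (not part of this advisory), the following Microsoft Graph PowerShell script lists every Entra group that currently holds a directory role, the group's owners, and whether an owner also holds Hybrid Identity Administrator, which is the condition the advisory describes. It assumes the Microsoft.Graph PowerShell SDK and a read-only account granted the two Graph scopes shown.

```powershell
# Added audit example, not code from the advisory. Assumes the Microsoft.Graph SDK
# and a reader account consented to the scopes below (read-only, no changes are made).
Connect-MgGraph -Scopes "Directory.Read.All", "RoleManagement.Read.Directory" | Out-Null

# Only activated directory roles are returned; that is sufficient because a role
# nobody has activated has no members.
$roles = Get-MgDirectoryRole -All

# Object IDs of everyone holding Hybrid Identity Administrator, the role the advisory
# names as able to self-assign group ownership.
$hybridAdmins = @{}
$hybridRole = $roles | Where-Object DisplayName -eq 'Hybrid Identity Administrator'
if ($hybridRole) {
    Get-MgDirectoryRoleMember -DirectoryRoleId $hybridRole.Id -All |
        ForEach-Object { $hybridAdmins[$_.Id] = $true }
}

# Build groupId -> list of directory roles assigned to that group (group-typed members).
$groupRoles = @{}
foreach ($role in $roles) {
    Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' } |
        ForEach-Object {
            if (-not $groupRoles.ContainsKey($_.Id)) { $groupRoles[$_.Id] = @() }
            $groupRoles[$_.Id] += $role.DisplayName
        }
}

# One finding per (role-holding group, owner). An owner flagged HybridIdAdmin=True is a
# principal that could have placed itself there; review how ownership was granted.
$findings = foreach ($groupId in $groupRoles.Keys) {
    $group  = Get-MgGroup -GroupId $groupId
    $owners = Get-MgGroupOwner -GroupId $groupId -All
    foreach ($owner in $owners) {
        [pscustomobject]@{
            Group         = $group.DisplayName
            Roles         = ($groupRoles[$groupId] -join ', ')
            OwnerId       = $owner.Id
            OwnerType     = $owner.AdditionalProperties['@odata.type']
            HybridIdAdmin = [bool]$hybridAdmins[$owner.Id]
        }
    }
}

$findings | Sort-Object HybridIdAdmin -Descending | Format-Table -AutoSize
```

Groups that appear with any owner at all deserve a look, since a role-holding group's membership is only as protected as its owners; rows with HybridIdAdmin set to True are the ones this advisory is about.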

References