Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2026 Poal.co

762

•

Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found (trustedsec.com)

From the post:

>Invisible password sprays. Invisible logins. Full tokens returned. Nyxgeek here. It's 2026 and I've got two more Azure Entra ID sign-in log bypasses to share with you. Don't get too excited…these bypasses were recently fixed, but I think it's important that people know. By sending a specially crafted login attempt to the Azure authentication endpoint, it was possible to retrieve valid tokens without the activity appearing in the Entra ID sign-in logs. This is critical logging…logging that administrators across the world rely on to detect intrusions…logging that could be made optional.

Archive: https://archive.today/a6Nli From the post: >>Invisible password sprays. Invisible logins. Full tokens returned. Nyxgeek here. It's 2026 and I've got two more Azure Entra ID sign-in log bypasses to share with you. Don't get too excited…these bypasses were recently fixed, but I think it's important that people know. By sending a specially crafted login attempt to the Azure authentication endpoint, it was possible to retrieve valid tokens without the activity appearing in the Entra ID sign-in logs. This is critical logging…logging that administrators across the world rely on to detect intrusions…logging that could be made optional.

You are currently inside a comment thread.

Click here to see all the comments (1).

[–] • 1 pt

Fuck me, can I bypass my entra login? The fucking thing asks me to sign in half a dozen times most days before it'll let me in. Sometime I will be in the middle of an admin task and the stupid website wants me to log in again blowing up all my changes. Stupid cloud junk.

link