Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD
In several recent investigations of SaaS security incidents, the Obsidian threat research team identified a novel attack vector in the wild: abuse of the Azure AD self-service password reset (SSPR) feature. With the glaring lack of coverage around this specific threat vector, our team felt it would be an important topic for discussion. In this […]
