OAuth client ID spoofing lets attackers test Entra accounts and stolen passwords without successful sign-ins, leaving ...
The technique allows threat actors to test large numbers of usernames and passwords without creating or registering an OAuth ...