VDB
GCVE-110-CLOUD-2024-0039
GCVE-110-CLOUD-2024-0039
Advisory Published
A vulnerability in Microsoft Graph allowed attackers to conduct password-spray attacks without detection.
The issue involved switching the 'common' authentication endpoint with that of an unrelated tenant,
thereby avoiding the appearance of logon attempts in the victim's logs.
This technique could allow attackers to validate user credentials through verbose error messages,
but actual successful logons using these credentials would still be recorded in the victims' logs (regardless of endpoint).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Microsoft Graph | — | — |
| Azure | Cloud Services | — | — |
Browse GCVE Records
72,096 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.