Add additional code indicating Password was fine, but Conditional Access Policy thwarted attempt #13

Closed
mgeeky opened this issue Feb 11, 2022 · 2 comments

mgeeky commented Feb 11, 2022

Hi,

This issue is similar to MSOLspray's one.

During our tests we've found that when a user is sprayed with a correct password and the attempt fails due to Conditional Access Policy requirements, the following error code will be thrown:

AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.

error_uri: https://login.microsoft.com/error?code=53003
https://login.microsoft.com/error?code=53003%22,%22suberror%22:%22message_only%22%7D

Whereas the same attempt with a wrong password brings no such error.

The conclusion is that the AADSTS53003 error code indicates a correct password, with CAP getting in the way.
I guess it's worth adding corresponding logic to handle that :)

Regards,
Mariusz.

Owner

0xZDH commented Aug 6, 2022

This is a great catch! Getting this added to a dev branch with several other updates.

Owner

0xZDH commented Aug 6, 2022

This has been implemented into the 'dev' branch.

@0xZDH 0xZDH closed this as completed Aug 6, 2022
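
For defenders, the behaviour reported in this issue means a 53003 entry in the sign-in logs marks an account whose password is already known to whoever made the attempt, even though no token was issued. The following is an added example, not part of the issue thread or the project's code: it triages sign-in records for accounts that need a password reset. The record shape (modelled on Microsoft Graph sign-in log entries), the sample data, the function name and the threshold are assumptions made for illustration; error code 50126 is the Entra ID code for an invalid username or password.

```python
from collections import defaultdict

INVALID_PASSWORD = 50126  # AADSTS50126: invalid username or password
BLOCKED_BY_CA = 53003     # AADSTS53003: password accepted, Conditional Access blocked the token


def rec(user, ip, code):
    """Build a constructed sign-in record reduced to the fields used below."""
    return {"userPrincipalName": user, "ipAddress": ip, "status": {"errorCode": code}}


# Constructed sample data (documentation IP ranges, example domain).
SAMPLE_SIGNINS = [
    rec("alice@contoso.example", "203.0.113.7", INVALID_PASSWORD),
    rec("bob@contoso.example", "203.0.113.7", INVALID_PASSWORD),
    rec("carol@contoso.example", "203.0.113.7", INVALID_PASSWORD),
    rec("dave@contoso.example", "203.0.113.7", BLOCKED_BY_CA),
    # A single policy block with no surrounding failures: likely a legitimate
    # user on a non-compliant device, so it is not flagged.
    rec("erin@contoso.example", "198.51.100.20", BLOCKED_BY_CA),
    rec("frank@contoso.example", "192.0.2.50", INVALID_PASSWORD),
]


def exposed_accounts(signins, min_failed_users=3):
    """Return {source_ip: [users]} for accounts whose password was accepted
    (53003) from a source that also failed password checks against at least
    min_failed_users distinct accounts, i.e. a spray-like pattern."""
    failed = defaultdict(set)
    blocked = defaultdict(set)
    for entry in signins:
        code = entry["status"]["errorCode"]
        ip, user = entry["ipAddress"], entry["userPrincipalName"]
        if code == INVALID_PASSWORD:
            failed[ip].add(user)
        elif code == BLOCKED_BY_CA:
            blocked[ip].add(user)
    return {
        ip: sorted(users)
        for ip, users in blocked.items()
        if len(failed.get(ip, ())) >= min_failed_users
    }


if __name__ == "__main__":
    for ip, users in exposed_accounts(SAMPLE_SIGNINS).items():
        print(f"{ip}: password known for {', '.join(users)} (reset required)")
```

Accounts returned here should have their passwords reset even though Conditional Access stopped the sign-in, because the credential remains valid anywhere the policy does not apply.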