Uncovering Hidden Threats: The Risks of Dangling Issuers in Federated Credentials

Gautam Peri

Cloud Village @ DEF CON 33 · Day 1

Gautam Peri, a Senior Security Engineer at Microsoft, delivered a highly technical talk at Cloud Village titled "Uncovering Hidden Threats: The Risks of Dangling Issuers in Federated Credentials." This presentation sheds light on a critical, yet often overlooked, vulnerability within modern cloud identity systems, specifically focusing on Microsoft Entra ID (formerly Azure Active Directory). The core of the research revolves around **dangling issuers**, which are unregistered or deleted domains and subdomains that are mistakenly configured as trusted OpenID Connect (OIDC) issuers within federated identity credentials.
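A defender-side audit for the condition described above, as an added example that is not from the talk or its tooling: it walks a list of federated identity credentials and flags any whose issuer host no longer exists in DNS. The sample records, the function names and the `.example` hosts are constructed for illustration; the field names follow Microsoft Graph's federatedIdentityCredential resource.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample records; field names follow Microsoft Graph's
# federatedIdentityCredential resource (name, issuer, subject).
SAMPLE_CREDENTIALS = [
    {"name": "gh-deploy", "issuer": "https://token.actions.githubusercontent.com",
     "subject": "repo:example-org/app:ref:refs/heads/main"},
    {"name": "legacy-ci", "issuer": "https://oidc.retired-ci.example",
     "subject": "pipeline:build"},
    {"name": "typo", "issuer": "oidc.internal.example", "subject": "svc"},
]

def dns_status(host):
    """Return 'ok', 'nxdomain' or 'error' for a hostname (live DNS lookup)."""
    try:
        socket.getaddrinfo(host, 443)
        return "ok"
    except socket.gaierror as exc:
        # Only "name does not exist" suggests a dangling issuer; a timeout
        # or resolver failure needs a retry, not an alert.
        return "nxdomain" if exc.errno == socket.EAI_NONAME else "error"

def audit_issuers(credentials, lookup=dns_status):
    """Flag credentials whose issuer host cannot be shown to exist."""
    findings, cache = [], {}
    for cred in credentials:
        host = urlsplit(cred.get("issuer", "")).hostname
        if not host:
            findings.append((cred["name"], "issuer is not a URL with a host"))
            continue
        host = host.rstrip(".")
        if host not in cache:          # many apps often share one issuer
            cache[host] = lookup(host)
        if cache[host] == "nxdomain":
            findings.append((cred["name"], f"{host} does not exist in DNS"))
        elif cache[host] == "error":
            findings.append((cred["name"], f"{host} lookup failed, recheck"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_issuers(SAMPLE_CREDENTIALS):
        print(f"{name}: {reason}")
```

A host that resolves is not thereby shown to be under the intended owner's control, so this check covers only issuers that have disappeared from DNS.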

AI review

Peri found a real, underappreciated attack class — dangling OIDC issuers in Entra ID federated credentials — and walked it all the way from root cause through working PoC to defensive controls. The research connects established concepts (domain takeover, subdomain hijacking) to a genuinely underexplored surface in WIF, and the two live demos with Key Vault exfil land the impact concretely. Debut speaker at this level with original tooling and an undocumented Azure Storage suffix mapping is notable.
