Is the AAC application vulnerable to the azure authentication flaw if using the email login?
Microsoft fixes Azure AD auth flaw enabling account takeover (bleepingcomputer.com)
Hi @Abigmac , could you just clarify what you mean by AAC / Alteryx Analytics Connector?
The name itself is pointing towards the Azure Web app we use as the default for performing OAuth authentication in our Data connectors in Alteryx Designer. In such case I can confirm it is not vulnerable to that flaw simply because we are not obtaining the email address in order to perform and user verification with our own list - that's simply a completely different auth flow, which is not even applicable in this case.
However, the abbreviation AAC is usually rather used for "Alteryx Analytics Cloud", which is maintained by different team and thus we would need to move this question into their area.
Thank you,
Vojta