Over the last few weeks, my team and I have been working on research associated with Microsoft Azure and Microsoft OAuth 2.0.  Over the course of that time, we found a vulnerability that allows for the takeover of Microsoft Azure Accounts.

BlackDirect: Microsoft Azure Account Takeover