Full Disclosure, GraphGhost: Are You Afraid of Failed Logins?
ID: 261e5630-29f8-5df2-bc40-62f2e047456e
STIX ID: report--261e5630-29f8-5df2-bc40-62f2e047456e
Feed Name: TrustedSec blog
The report describes "GraphGhost," a logging/logic flaw in Microsoft Entra ID authentication. Because some checks ran only after the password had already been validated, the error code returned to the client revealed whether the submitted password was correct, while the sign-in logs recorded the attempt only as a failed authentication. An attacker could therefore confirm valid credentials without ever producing a successful sign-in event. The author walks through the authentication order of operations, shows how these post-password checks leaked password-validity information, includes examples and log screenshots, and notes that the issue was responsibly disclosed to Microsoft and patched (reported Dec 17, 2024; fixed Apr 11, 2025).
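The defensive side of the point above, as an added example that is not part of the report or of any TrustedSec tooling: if a "failed" sign-in carries an error code from a check that runs only after password validation, the password itself was accepted. The script below triages constructed sign-in log records (a trimmed subset of Entra sign-in log fields) by pipeline stage and flags source IPs that hit many users and collected post-password failures, the pattern a password spray would leave. The mapping of AADSTS codes to "before" or "after" password validation is my assumption for illustration, not something the report states; check it against current Microsoft documentation before relying on it.

```python
"""Triage Entra sign-in failures by where in the authentication pipeline they failed.

Added example, not code from the GraphGhost report. The stage mapping below is an
ASSUMPTION for illustration: verify each code against Microsoft's documentation.
"""
import json
from collections import defaultdict

# ASSUMPTION: codes returned before the password is checked (password unknown)
PRE_PASSWORD = {50126}  # invalid username or password
# ASSUMPTION: codes returned after the password was accepted (password is valid)
POST_PASSWORD = {
    50076,  # MFA required
    50053,  # account locked
    50057,  # user disabled
    53003,  # blocked by Conditional Access
}

# Constructed sample records (one JSON object per line) in the shape of a trimmed
# Entra sign-in log export. 203.0.113.7 sprays five users; 198.51.100.2 is a normal
# user who is prompted for MFA and then succeeds.
SAMPLE_LOG = """
{"createdDateTime":"2025-01-10T08:00:01Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","status":{"errorCode":50126}}
{"createdDateTime":"2025-01-10T08:00:02Z","userPrincipalName":"bob@example.com","ipAddress":"203.0.113.7","status":{"errorCode":50076}}
{"createdDateTime":"2025-01-10T08:00:03Z","userPrincipalName":"carol@example.com","ipAddress":"203.0.113.7","status":{"errorCode":50126}}
{"createdDateTime":"2025-01-10T08:00:04Z","userPrincipalName":"dave@example.com","ipAddress":"203.0.113.7","status":{"errorCode":53003}}
{"createdDateTime":"2025-01-10T08:00:05Z","userPrincipalName":"erin@example.com","ipAddress":"203.0.113.7","status":{"errorCode":50057}}
{"createdDateTime":"2025-01-10T08:01:00Z","userPrincipalName":"frank@example.com","ipAddress":"198.51.100.2","status":{"errorCode":50076}}
{"createdDateTime":"2025-01-10T08:01:20Z","userPrincipalName":"frank@example.com","ipAddress":"198.51.100.2","status":{"errorCode":0}}
"""


def stage_of(error_code: int) -> str:
    """Map a sign-in error code to the pipeline stage that produced it."""
    if error_code == 0:
        return "success"
    if error_code in POST_PASSWORD:
        return "post_password"  # logged as a failure, but the password was accepted
    if error_code in PRE_PASSWORD:
        return "pre_password"
    return "unknown"


def parse_log(text: str) -> list:
    """Parse newline-delimited JSON sign-in records into flat dicts."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        obj = json.loads(line)
        records.append({
            "time": obj["createdDateTime"],
            "user": obj["userPrincipalName"],
            "ip": obj["ipAddress"],
            "code": int(obj["status"]["errorCode"]),
        })
    return records


def valid_password_users(records: list) -> set:
    """Users whose password was accepted even though the attempt failed."""
    return {r["user"] for r in records if stage_of(r["code"]) == "post_password"}


def spray_summary(records: list, min_users: int = 3) -> dict:
    """Per source IP that targeted at least min_users distinct accounts, report how
    many accounts it tried and which of them it learned a valid password for."""
    targeted = defaultdict(set)
    confirmed = defaultdict(set)
    for r in records:
        targeted[r["ip"]].add(r["user"])
        if stage_of(r["code"]) == "post_password":
            confirmed[r["ip"]].add(r["user"])
    return {
        ip: {"targeted": len(users), "valid_password_users": sorted(confirmed[ip])}
        for ip, users in targeted.items()
        if len(users) >= min_users
    }


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for ip, info in spray_summary(recs).items():
        print(f"{ip}: tried {info['targeted']} users, "
              f"valid passwords for {info['valid_password_users']}")
```

The useful threshold is the ratio of post-password failures to distinct targets per source, not the raw failure count: a normal user who is prompted for MFA produces the same error code as a sprayed account, so only the fan-out across accounts distinguishes the two.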
