by kune
1057 days ago
There are two scenarios: First: Microsoft uses the JWT signing keys in memory and the attackers were able to get access to them by injecting code or by getting access to the memory image of such a process. Second: Microsoft actually uses HSMs but has to distribute the keys geographically and the attackers were able to get access to the key this way. The first scenario is more likely, but you cannot exclude the second either.