by SgtBastard
1023 days ago
Because it was a signing key that was stolen, the attackers could move straight to the post-authentication phase and forge authorization tokens. Those email accounts could have had multiple authentication factors enabled, other conditional access policies applied (geo-location, device trust, time of day, etc.)… all of which were skipped over.
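Added illustration, not part of the comment above and not any provider's real code: a toy model of why a valid signature is all the resource server sees, so controls enforced at issuance are never re-evaluated. HMAC stands in for the provider's signature scheme, and the key, the function names and the `jti` issuance log are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # constructed; stands in for the provider's signing key
ISSUED_JTIS = set()                    # hypothetical issuance log kept by the identity provider

def _sign(claims, key):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def issue_token(user, mfa_passed, device_trusted, jti):
    """Identity provider: the only place MFA and conditional access are enforced."""
    if not (mfa_passed and device_trusted):
        raise PermissionError("conditional access denied")
    ISSUED_JTIS.add(jti)
    return _sign({"sub": user, "jti": jti, "exp": int(time.time()) + 300}, SIGNING_KEY)

def verify_token(token):
    """Resource server: checks signature and expiry only; returns claims or None."""
    body, _, sig = token.partition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["exp"] > time.time() else None

def has_issuance_record(claims):
    """Defender's cross-check: did this token come through the policy path?"""
    return claims["jti"] in ISSUED_JTIS

def demo():
    legit = verify_token(issue_token("alice", True, True, "jti-001"))
    # A token signed directly with the key never passes through issue_token,
    # so no MFA or device check runs, yet the signature verifies.
    direct = verify_token(_sign({"sub": "alice", "jti": "jti-999",
                                 "exp": int(time.time()) + 300}, SIGNING_KEY))
    return {
        "legit_accepted": legit is not None,
        "direct_accepted": direct is not None,
        "legit_in_log": has_issuance_record(legit),
        "direct_in_log": has_issuance_record(direct),
    }

if __name__ == "__main__":
    print(demo())
```

Both tokens pass `verify_token`; only the comparison against the issuance log separates them, which is why signature checks alone cannot stand in for the skipped authentication controls.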