Apicultor 🐝 on Nostr: npub17lgy0…k9uux >MSA (consumer) keys and Azure AD (enterprise) keys are issued and ...
npub17lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0qlk9uux (npub17lg…9uux) >MSA (consumer) keys and Azure AD (enterprise) keys are issued and managed from separate systems and should only be valid for their respective systems. The actor exploited a token validation issue to impersonate Azure AD users and gain access to enterprise mail.
So they were not checking which key was being used and thus a consumer key could forge Azure AD tokens.
Yikes.
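The failure mode the post describes is a validator that resolves a token's signing key from a pool shared by several issuing systems, so a signature made with a key from system A is accepted for a token that claims to come from system B. The following Python is an added example for illustration only; it is not Microsoft's code, not the poster's, and does not claim to reproduce the actual internals of MSA or Azure AD. It uses constructed HMAC keys and hypothetical issuer URLs so it runs offline; a real deployment would use asymmetric keys published per issuer via JWKS, but the scoping rule is the same: look the `kid` up only in the keyset that belongs to the issuer this service expects, never in a union of all keysets.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo material (assumption, not real values): each signing key
# belongs to exactly one issuing system and must only be trusted for that system.
CONSUMER_ISSUER = "https://consumer-idp.example"      # hypothetical MSA-style issuer
ENTERPRISE_ISSUER = "https://enterprise-idp.example"  # hypothetical Azure AD-style issuer

# Keys are kept per issuer; the hardened validator relies on this partitioning.
KEYSETS = {
    CONSUMER_ISSUER: {"consumer-key-1": b"constructed-consumer-secret"},
    ENTERPRISE_ISSUER: {"enterprise-key-1": b"constructed-enterprise-secret"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_token(claims: dict, kid: str, key: bytes) -> str:
    """Mint a compact JWS-style token (HS256) carrying a key id in its header."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _split(token: str):
    h, p, s = token.split(".")
    return json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p)), h + "." + p, _b64url_decode(s)


def _verify_sig(key: bytes, signing_input: str, sig: bytes) -> bool:
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def validate_flawed(token: str, expected_issuer: str) -> bool:
    """Flawed pattern: the kid is resolved against the union of every known keyset,
    so a key from one system can validate a token claiming to be from another.
    The issuer claim is checked, but only after the wrong key has already been trusted."""
    header, claims, signing_input, sig = _split(token)
    all_keys = {kid: k for ks in KEYSETS.values() for kid, k in ks.items()}
    key = all_keys.get(header.get("kid"))
    if key is None or not _verify_sig(key, signing_input, sig):
        return False
    return claims.get("iss") == expected_issuer


def validate_scoped(token: str, expected_issuer: str) -> bool:
    """Hardened pattern: decide which issuer this service accepts first, then look
    the kid up only in that issuer's keyset. A key published by another system is
    simply unknown here, whatever the token claims."""
    header, claims, signing_input, sig = _split(token)
    if claims.get("iss") != expected_issuer:
        return False
    key = KEYSETS.get(expected_issuer, {}).get(header.get("kid"))
    if key is None:
        return False
    return _verify_sig(key, signing_input, sig)


def demo() -> dict:
    """Run both validators on a legitimate enterprise token and on a token that
    claims the enterprise issuer but was signed with the consumer system's key."""
    claims = {"iss": ENTERPRISE_ISSUER, "sub": "user@corp.example"}
    legit = sign_token(claims, "enterprise-key-1", KEYSETS[ENTERPRISE_ISSUER]["enterprise-key-1"])
    cross = sign_token(claims, "consumer-key-1", KEYSETS[CONSUMER_ISSUER]["consumer-key-1"])
    return {
        "legit_flawed": validate_flawed(legit, ENTERPRISE_ISSUER),    # True
        "legit_scoped": validate_scoped(legit, ENTERPRISE_ISSUER),    # True
        "cross_flawed": validate_flawed(cross, ENTERPRISE_ISSUER),    # True: the bug
        "cross_scoped": validate_scoped(cross, ENTERPRISE_ISSUER),    # False: rejected
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The order of checks in `validate_scoped` is the point: the expected issuer is fixed by the relying party before any key is consulted, and key lookup is confined to that issuer's keyset. For detection, logging the (`kid`, `iss`) pair on every validation and alerting when a `kid` shows up with an issuer other than the one it was published for gives a cheap signal for this class of mismatch.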
Published at 2023-07-12 11:53:04
Event JSON
{
"id": "1693e22f5bcf545e04e59d97414b1306f20c6b0723813887b1e56082128cbbdc",
"pubkey": "3cb5c5f36f1c297df2ce5b9495b135ca5ef6a1e1cf65647a60265261925dce9d",
"created_at": 1689162784,
"kind": 1,
"tags": [
[
"p",
"f7d0478e54eaa6e0cc98adf81d712148bce169a2c21b1c0f7a4ed446c6adc09e",
"wss://relay.mostr.pub"
],
[
"p",
"f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"wss://relay.mostr.pub"
],
[
"e",
"caba27f2f7e86cfb7262ea8e9d5ff0ad4e691e9d7333992e5d308c84120decdc",
"wss://relay.mostr.pub",
"reply"
],
[
"mostr",
"https://hachyderm.io/users/apicultor/statuses/110700972232036034"
]
],
"content": "nostr:npub17lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0qlk9uux \u003eMSA (consumer) keys and Azure AD (enterprise) keys are issued and managed from separate systems and should only be valid for their respective systems. The actor exploited a token validation issue to impersonate Azure AD users and gain access to enterprise mail.\n\nSo they were not checking which key was being used and thus a consumer key could forge Azure AD tokens.\n\nYikes.",
"sig": "020e87a5e7edda87bc295888cbb8764c340bcadae3c17f8b80cff775db3618ff320a851e270d55e66e188222483ec2fa032edb4723b9ac1f0001f88d2b43d16b"
}