A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.

  • @[email protected]
    12 months ago

    Is this attack unique to Microsoft Entra ID? Can this not be used to steal auth cookies for any web app which uses such a mechanism?

    • @[email protected]
      2 months ago

      Not at all, you’re absolutely right. In the Varonis article this clickbaity one references, they list out the corresponding session cookies for Google’s cloud platform and AWS as well.