Compromised Microsoft Key: More Impactful Than We Thought. Compromised MSA key could have allowed the threat actor to forge access tokens for multiple types of Azure Active Directory applications, including every application that supports personal ac

Microsoft have said that Outlook.com and Exchange Online were the only applications known to have been affected via the token forging technique, but Wiz Research has found that the compromised signing key was more powerful than it may have seemed, and was not limited to just those two services. Our researchers concluded that the compromised MSA key could have allowed the threat actor to forge access tokens for multiple types of Azure Active Directory applications, including every application that supports …

access access tokens active directory actor application applications azure azure active directory compromised cybersecurity directory exchange exchange online forge key microsoft msa key outlook outlook.com personal thought threat threat actor token tokens types wiz