SVR Attacks on Microsoft 365
Schneier on Security
JANUARY 21, 2021
This would allow the attacker to authenticate into a federated resource provider (such as Microsoft 365) as any user, without the need for that user’s password or their corresponding multi-factor authentication (MFA) mechanism.
Let's personalize your content