Forum Discussion
colonel_claypoo
Jul 24, 2023 Iron Contributor
Investigating Storm-0558 security issue?
For those that've heard, any idea how we can investigate tokens? https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr article advises to: Exam...
Gohulan
Jul 25, 2023 Brass Contributor
Examine suspicious authentication attempts using OpenID tokens signed by the compromised key. To do this, unpack the access tokens used against the application and search for the string "1LTMzakihiRla_8z2BEJVXeWMqo" within the "kid" field of the JOSE Header.
- MarkusLosco Jul 25, 2023 MCT
Gohulan "To do this, unpack the access tokens used against the application and search for the string" > Can you give me more details on what I should do, like an Azure CLI command or something?
- colonel_claypoo Jul 25, 2023 Iron Contributor
The more I read about it, the more I get the hunch that remediation steps can only be carried out on the app developer's side. We are customers using these, for the most part, enterprise applications/app registrations. Don't know if we can do anything here at all. What do you think?
- Gohulan Jul 25, 2023 Brass Contributor
As customers using enterprise applications or app registrations, your control over the app's internal security mechanisms might be limited. In such cases, the responsibility for implementing remediation measures generally falls on the app developer or the service provider offering the application.
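
The check described in Gohulan's answer (decode each access token's JOSE header and compare its "kid" field to the quoted string), as an added example that is not part of the original thread. It assumes the application owner has request logs that captured the bearer tokens; the function names, log lines and sample tokens are constructed for illustration.

```python
import base64, json, re

# Key ID quoted in the answer above.
COMPROMISED_KID = "1LTMzakihiRla_8z2BEJVXeWMqo"
# Three base64url segments; a JSON-object header always encodes to "eyJ...".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jose_header(token):
    """Return the decoded JOSE header of a JWT, or None if malformed.
    The signature is NOT verified: this is log triage, not validation."""
    try:
        header = json.loads(_b64url_decode(token.split(".")[0]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return header if isinstance(header, dict) else None

def find_flagged_tokens(lines):
    """Yield (line_number, kid) for every token whose kid matches."""
    for n, line in enumerate(lines, 1):
        for token in JWT_RE.findall(line):
            header = jose_header(token)
            if header and header.get("kid") == COMPROMISED_KID:
                yield n, header["kid"]

def _make_token(kid):
    # Builds a constructed, unsigned sample token for the demo log below.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    return f"{enc(header)}.{enc({'aud': 'api://example'})}.c2ln"

# Constructed sample log lines (hypothetical format).
SAMPLE_LOG = [
    f"GET /api/items Authorization: Bearer {_make_token('constructed-other-kid')}",
    "GET /health (no token)",
    f"GET /api/mail Authorization: Bearer {_make_token(COMPROMISED_KID)}",
]

if __name__ == "__main__":
    for n, kid in find_flagged_tokens(SAMPLE_LOG):
        print(f"line {n}: token header carries kid {kid}")
```
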