Tag
#Azure Active Directory
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.
**How could an attacker exploit this vulnerability?** An unauthenticated attacker (PR:N) could exploit this vulnerability by running a script to access a targeted Jira server over the internet.
**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** An attacker would require access to a low-privileged session on the user's device to obtain a JWT (JSON Web Token), which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim's device.