From refresh token theft to global admin

Type

Research

Actors

Pub. date

February 23, 2024

Initial access

Unknown

Impact

Resp. disclosure

Observed techniques

Refresh token compromiseAttach administrative role to accountCreate or modify cloud key

References

https://twitter.com/snehalantani/status/1761056008590221538

Status

Stub

Last edited

Jun 2, 2024 8:02 AM