Comment by gmueckl
2 years ago
It's worse: anybody who can proxy the communication between Outlook and the MS servers can impersonate the user.
2 years ago
It's worse: anybody who can proxy the communication between Outlook and the MS servers can impersonate the user.
It is not entirely clear to me from the article that this is the case. I'd assume that they had to at least install their MitM certificate into the OS's trust store to intercept that message. If not then this is indeed even worse.