Comment by iscoelho
4 hours ago
But it doesn't. Full authentication bypass exploits are extremely rare and unheard of among tech giants. Maybe account takeover/recovery, sure, but full bypass? It just never happens.
Microsoft goes beyond that: they've managed to have a critical vulnerability in almost every authentication product they have ever created. It's exceptional.
> But it doesn't.
That we know of.
> It's exceptional.
I agree, but I look at it as a question of cost. would it make sense for Russia to spend on resources to compromise GCP or AWS? Microsoft's EntraID/AzureAD itself is an exceptional product in that organization's dependency on it, especially US government orgs, is exceptional.
If APTs target AWS, they will compromise it, period. Of course the caveat is time, skill and money which can all be acquired at cost.