
@cnlinkcnlink @tier10k It's technically possible for a session token to be hijacked after 2FA authentication, regardless of the type of 2FA. It would require nasty malware.
Alternatively, a man in the browser attacks or a polymorphic extension could steal the credentials and replay them elsewhere.
English









