MSOLSpray
Does not handle Conditional Access Policy correctly
In situations where the credentials are actually correct but the login is blocked by Conditional Access Policy, you will receive an error like the following (taken from the PS version):
[*] Got an error we haven't seen yet for user [email protected]
{"error":"interaction_required","error_description":"AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.\r\nTrace ID: 36a9bfd2-0233-4b3b-b947-5ed41fa7a600\r\nCorrelation ID: 85b60f58-62ff-4d26-b249-6a0229ba280e\r\nTimestamp: 2023-05-29 05:46:34Z","error_codes":[53003],"timestamp":"2023-05-29 05:46:34Z","trace_id":"36a9bfd2-0233-4b3b-b947-5ed41fa7a600","correlation_id":"85b60f58-62ff-4d26-b249-6a0229ba280e","error_uri":"https://login.microsoft.com/error?code=53003","suberror":"message_only"}
Microsoft documentation suggests this means that access has been blocked by Conditional Access Policies, which is a post-auth mechanism. So the credentials actually worked. Since they might still be useful when spraying against other endpoints, I believe this should be handled properly.