Summary by S44D
I identified that the server at auth-int.thetradedesk.com was accepting TLS 1.2 cipher suites that rely on RSA key exchange and CBC-mode encryption. These ciphers do not provide Perfect Forward Secrecy (PFS). This means that if an attacker ever obtained the server’s private key, previously captured TLS traffic could be decrypted.
The issue was informational-level and did not expose any active compromise, but it highlighted the use of outdated cryptographic primitives that modern security standards advise against. The finding was reported responsibly and has since been addressed.