New Vulnerabilities Bypass Multi-Factor Authentication for Microsoft 365

guest · Sep 17, 2020

MFA bypass allows hackers to infiltrate Microsoft 365
Hackers could exploit errors in the ‘inherently insecure’ protocol implemented on widely-used cloud services
September 15, 2020
https://www.itpro.co.uk/cloud/cloud...ss-allows-hackers-to-infiltrate-microsoft-365

Critical vulnerabilities in multi-factor authentication (MFA) protocols based on the WS-Trust security standard could allow cyber criminals to access various cloud applications including core Microsoft services.

Microsoft 365 is the most notable cloud service that can be infiltrated in such a way due to the way the platform’s session login is designed, according to Proofpoint, with hackers able to gain full access to a target’s account. Information including emails, files, contacts, among other data points would be vulnerable to such an attack.
Click to expand...

The flaw lies in the implementation of the WS-Trust specification, an OASIS standard that is used for renewing and validating security tokens and establishing trusted connections. Proofpoint researchers claim that WS-Trust is inherently insecure and that Microsoft’s identity providers implemented the standard with a number of bugs.

These vulnerabilities can be exploited to allow an attacker, for example, to spoof their IP address to bypass MFA through a simple request header manipulation. Changing the user-agent header, in another example, may also cause the system to misidentify the protocol, and believe it to be using ‘modern authentication’.

“Most likely, these vulnerabilities have existed for years. We have tested several Identity Provider (IDP) solutions, identified those that were susceptible and resolved the security issues,” Proofpoint said.
Click to expand...

Proofpoint: New Vulnerabilities Bypass Multi-Factor Authentication for Microsoft 365

Due to the way Microsoft 365 session login is designed, an attacker could gain full access to the target’s account (including mail, files, contacts, data and more). Furthermore, these vulnerabilities could also be used to gain access to various other Microsoft-provided cloud services, including production and development environments such as Azure and Visual Studio.

Since MFA as a preventative measure can be bypassed, it becomes necessary to layer additional security measures in the form of account compromise detection and remediation.
Click to expand...

Log in or Sign up

New Vulnerabilities Bypass Multi-Factor Authentication for Microsoft 365

guest Guest

Log in or Sign up

New Vulnerabilities Bypass Multi-Factor Authentication for Microsoft 365

guest Guest

Useful Searches