Security researchers have revealed how a Microsoft 2FA bypass attack needed no user interaction, only took an hour and didn’t trigger alerts. Here’s what you need to know.
Security researchers have revealed how they discovered a critical Microsoft vulnerability in the two-factor authentication defenses meant to protect users against hacker attacks. The vulnerability, which Microsoft has now remediated, put 400 million users of Office 365 at risk of a 2FA bypass attack requiring no user interaction, triggering no alerts and only taking an hour to complete. Here’s what you need to know.
Far-reaching indeed, yet the actual exploit itself was shockingly simple: It got around a 10-attempt code fail rate limit to enable an attacker to execute a lot of attempts simultaneously, allowing the researchers to quickly exhaust the total number of options for a 6-digit two-factor authentication code.
“The limit of 10 consequent fails was only applied to the temporary session object,” the researchers explained, “which can be regenerated by repeating the described process, with not enough of a rate limit.” What made matters worse, a lot worse in fact, was that during this attack process the account holder was not made aware of any failed attempts by email or other alerting mechanism, so the attacker could keep under the radar and continue at their leisure.
Oasis reported the flaw to Microsoft, which confirmed the vulnerability on June 24 and deployed a permanent fix on Oct. 9. The Oasis researchers said that the full details of the fix remain confidential but confirmed that a stricter 2FA failure rate limit was introduced. I have reached out to Microsoft for a statement.
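To make the design flaw concrete, here is an added sketch (not Microsoft's or Oasis's code) that contrasts a failure counter stored on the temporary session with one stored on the account. The class names, the sample secret and the alert list are assumptions, and the account-scoped version is only one plausible hardening, since the details of the real fix are confidential.

```python
from collections import defaultdict

MAX_FAILS = 10  # the 10-failure limit described in the article

class SessionScopedVerifier:
    """Weak design: the failure counter lives on the temporary session."""
    def __init__(self, secret):
        self.secret = secret
        self.fails = defaultdict(int)  # keyed by session id

    def verify(self, account, session_id, code):
        if self.fails[session_id] >= MAX_FAILS:
            return "session_locked"
        if code == self.secret:
            return "ok"
        self.fails[session_id] += 1  # a fresh session starts again at zero
        return "bad_code"

class AccountScopedVerifier:
    """Hardened design (assumed): failures add up per account, owner is alerted."""
    def __init__(self, secret):
        self.secret = secret
        self.fails = defaultdict(int)  # keyed by account, survives new sessions
        self.alerts = []               # stand-in for an email or push notice

    def verify(self, account, session_id, code):
        if self.fails[account] >= MAX_FAILS:
            return "account_locked"
        if code == self.secret:
            self.fails[account] = 0
            return "ok"
        self.fails[account] += 1
        if self.fails[account] == MAX_FAILS:
            self.alerts.append(f"{account}: {MAX_FAILS} failed 2FA codes, blocked")
        return "bad_code"

def wrong_codes_evaluated(verifier, account, sessions, per_session):
    """Count wrong codes the verifier actually checked across fresh sessions."""
    evaluated = 0
    for s in range(sessions):
        for _ in range(per_session):
            # "000000" is a constructed wrong code; the sample secret differs.
            if verifier.verify(account, f"sess-{s}", "000000") == "bad_code":
                evaluated += 1
    return evaluated

if __name__ == "__main__":
    weak, strong = SessionScopedVerifier("123456"), AccountScopedVerifier("123456")
    print("session-scoped:", wrong_codes_evaluated(weak, "alice", 50, 10))
    print("account-scoped:", wrong_codes_evaluated(strong, "alice", 50, 10), strong.alerts)
```

A production limiter would normally pair the account-level counter with a time window or backoff rather than a permanent lock, so that failed attempts cannot be used to shut the owner out indefinitely.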
This kind of exploit is not confined just to Microsoft, with 2FA bypass attacks being far from uncommon across most popular platforms. You can read more about them