Security News > 2018 > August > Microsoft ADFS flaw allows attackers to bypass MFA safeguards
2018-08-14 23:19
A vulnerability (CVE-2018-8340) in Microsoft Active Directory Federation Services (ADFS) allows a second authentication factor for one account to be used for all other accounts in an organization, Okta REX Security Engineer Andrew Lee has discovered. By employing some simple phishing and leveraging the flaw, an attacker could compromise accounts belonging to other employees or executives and access sensitive information through a variety of company resources. About the vulnerability (CVE-2018-8340) and possible attacks “Many organizations … More → The post Microsoft ADFS flaw allows attackers to bypass MFA safeguards appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/DZjrhgeYQag/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-15 | CVE-2018-8340 | Unspecified vulnerability in Microsoft Windows Server 2012 and Windows Server 2016 A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers. | 4.0 |