Security News > 2020 > September > MFA Bypass Bugs Opened Microsoft 365 to Attack
Bugs in the multi-factor authentication system used by Microsoft's cloud-based office productivity platform, Microsoft 365, opened the door for hackers to access cloud applications via a bypass of the security system, according to researchers at Proofpoint.
The flaws exist in the implementation of what is called the WS-Trust specification in cloud environments where WS-Trust is enabled and used with Microsoft 365, formerly called Office 365.
"Due to the way Microsoft 365 session login is designed, an attacker could gain full access to the target's account," Itir Clarke, senior product marketing manager for Proofpoint's Cloud Access Security Broker, in a report posted online Tuesday.
She said the Microsoft implementation of the standard gives attackers a number of ways to bypass MFA and access its cloud services, paving the way for various attacks-including real-time phishing, channel hijacking and the use of legacy protocols.
The WS-Trust protocol, Proofpoint said, opens the door for attackers to exploit Microsoft 365 cloud services to multiple attack scenarios.
News URL
https://threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Defending against EDR bypass attacks (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)