I bet Microsoft's tolerance of outdated TOTP responses that gave rise to the #authquake vuln is their need to support hardware OATH tokens. Time drift is a real problem and most have no way of correcting it. Still, you'd think that rather than extending the window of acceptable codes and […]
After all the dust has settled, what can we learn from #AuthQuake?
This blog covers:
✅ How AuthQuake works
✅ The rise of #mfabypass
✅ Why #passkeys are (almost always) the answer
🔗 : www.descope.com/blog/post/au...
Hat tip to Oasis Security for the groundbreaking research (pun somewhat intended)
.@Microsoft #MFA #AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
What's an infosec engineer's favorite dairy? Swiss cheese!
No but for real, gotta remember that all implemented controls have scopes that they fail to adequately cover, use cases that aren't accounted for, and control risk tossed into the mix.
A few days ago, #AuthQuake was released by #Oasis. (1/1)
Well, folks, hold onto your hats because the cybersecurity world just got a dose of reality that’s as shocking as a cold plunge in the middle of winter! #authquake #CISO #leadership #mfa #securityfirst #Troublemaker #Vulnerabilities
bit.ly/4fdPhvq
Microsoft MFA AuthQuake flaw enabled unlimited brute-force attacks without alerts
Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts #HackerNews (Dec 11)
#MultiFactorAuthentication #AuthQuake #BruteForceAttack #Microsoft #CyberSecurity
📢🚨 Dubbed #AuthQuake; Microsoft MFA flaw allowed attackers to bypass security and access accounts with 50% success rate putting 400 million users at risk on Azure, Office 365 & more.
Read: hackread.com/authquake-fl...
#CyberSecurity #Microsoft #Vulnerability #Azure #Office365