Non-human identity management firm Oasis Security has disclosed the details of an attack that allowed its researchers to bypass Microsoft’s multi-factor authentication (MFA) implementation. The attack method, dubbed AuthQuake, was reported to Microsoft in late June and a temporary fix was rolled out a few days later. The tech giant released a permanent fix in October. According to Oasis, the vulnerability, which is described as critical, could have allowed threat actors to bypass Microsoft’s MFA and gain access to accounts — provided that they had the target’s username and password.
-– bonitas non est pessimis esse meliorem –-
