SolarWinds hackers have a clever way to bypass multi-factor authentication

Aguyd

Smack-Fu Master, in training
60
Novel indeed.

These cookies are used for "Trust This Device"-type settings, right, given that they had to present the username and password? If the user/organisation required a new MFA confirmation for every login would that "overcome" this particular problem?

I mean, Dark Halo still gained admin access to the network, so there's a few other problems there.

Also, I despise the Outlook Web App.

If you configured your server to require new MFA confirmation for every login, the hackers could just turn that setting off. Or do something else. Fundamentally, MFA is intended as a mitigation for client compromise (e.g., due to phishing, password reuse, etc.). MFA does not protect against server compromise.
 
Upvote
40 (41 / -1)