Microsoft AD FS flaw allows attackers to bypass MFA safeguards

0

A vulnerability (CVE-2018-8340) in Microsoft Active Directory Federation Services (ADFS) allows a second authentication factor for one account to be used for all other accounts in an organization, Okta REX Security Engineer Andrew Lee has discovered. By employing some simple phishing and leveraging the flaw, an attacker could compromise accounts belonging to other employees or executives and access sensitive information through a variety of company resources.

Read full news article on Help Net Security