Furthermore, these vulnerabilities could also be used to gain access to various other Microsoft-provided cloud services, including production and development environments such as Azure and Visual Studio.
These vulnerabilities could allow attackers to bypass MFA and access cloud applications that use the protocol, notably Microsoft 365. Due to the way Microsoft 365 session login is designed, an attacker could gain full access to the target’s account (including mail, files, contacts, data and more). Proofpoint researchers recently discovered critical vulnerabilities in multi-factor authentication (MFA) implementation in cloud environments where WS-Trust is enabled.
0 kommentar(er)
