Security researchers have revealed how a Microsoft 2FA bypass attack needed no user interaction, only took an hour and didn’t trigger alerts. Here’s what you need to know.
Update, Dec. 14, 2024: This story, originally published Dec. 13, now includes a statement from Microsoft about the 2FA bypass vulnerability and the impact it has observed on users.
Far-reaching indeed, yet the actual exploit itself was shockingly simple: It got around the rate limit of 10 failed code attempts, enabling an attacker to execute a lot of attempts simultaneously, which allowed the researchers to quickly exhaust the total number of options for a 6-digit two-factor authentication code.
Oasis reported the flaw to Microsoft, which confirmed the vulnerability on June 24 and deployed a permanent fix on Oct. 9. The Oasis researchers said that the full details of the fix remain confidential but confirmed that a stricter 2FA failure rate limit was introduced.
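The following is an added example, not code from the article, Oasis or Microsoft. It shows why the scope of a failed-code counter matters when attempts arrive simultaneously. The article does not say how the original limit was keyed, so the per-session and per-account scopes, the account name and the code value are assumptions constructed for illustration.

```python
import threading
from collections import defaultdict

MAX_FAILURES = 10  # the 10-attempt limit the article mentions


class FailureLimiter:
    """Counts failed 2FA codes under a key and refuses further checks at the limit."""

    def __init__(self, scope):
        self.scope = scope                # "session" or "account" (assumed scopes)
        self.failures = defaultdict(int)
        self.lock = threading.Lock()      # check and increment happen as one atomic step

    def verify(self, account, session, guess, real_code):
        key = account if self.scope == "account" else (account, session)
        with self.lock:
            if self.failures[key] >= MAX_FAILURES:
                return "locked"           # once locked, the code is never compared
            if guess == real_code:
                return "ok"
            self.failures[key] += 1
            return "wrong"


def codes_evaluated(limiter, sessions=50, per_session=MAX_FAILURES):
    """Run concurrent sessions of wrong guesses; return how many were actually checked."""
    checked = []                          # list.append is thread-safe in CPython

    def worker(session_id):
        for i in range(per_session):
            guess = f"{session_id * per_session + i:06d}"
            # "alice" and "999999" are constructed sample values
            if limiter.verify("alice", session_id, guess, "999999") != "locked":
                checked.append(guess)

    threads = [threading.Thread(target=worker, args=(s,)) for s in range(sessions)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(checked)


if __name__ == "__main__":
    print("per-session counter:", codes_evaluated(FailureLimiter("session")))
    print("per-account counter:", codes_evaluated(FailureLimiter("account")))
```

With the counter keyed per session, the number of codes checked grows with the number of parallel sessions; keyed per account, it stays at the limit no matter how many sessions run.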