Easy rundown for ’Your 2FA is mine also’ | CVE-2018-8340 | AD FS Security Feature Bypass Vulnerability

Here is a short rundown of the vulnerability, as described by MSRC and as discovered and written up in this detailed blog post by Okta researcher Andrew Lee.


The rundown

  • The vulnerability allows the strong authentication sequence completed by a single user to be leveraged as the second factor of any other user in the same organization – in essence, AD FS has* no way of discerning one user's completed 2FA from any other user's 2FA in the same org.
    • To fully leverage this vulnerability, the attacker must also be in possession of the targeted user's first factor (in most cases, the password).
  • The vulnerability was not publicly disclosed before the fix; it was discovered by an Okta researcher (see the Okta write-up as well).
    • There are no records of exploitation in the wild as a zero-day vulnerability… but Microsoft rates the likelihood of exploitation as the second highest on a scale of 0-3 (0 being most likely).

* Unless patched
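To make the bug class concrete, here is a constructed toy model of the point above: a second-factor result that is not bound to the user who passed the first factor satisfies the MFA step of any account. This is an added example, not AD FS code and not from Andrew Lee's write-up; the token format, the user store, and the function names are invented for illustration, and the "fix" it shows is simply the binding check the post implies is missing.

```python
"""Toy model of the bug class in the post: a second-factor result that is not
bound to the user who passed the first factor. Constructed example; it is not
AD FS code, and the token format and names are invented for illustration."""
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed server-side secret used to sign MFA context tokens.
SERVER_KEY = secrets.token_bytes(32)

# Constructed user store. Plain-text passwords are only for the demonstration.
USERS = {
    "alice": "alice-pw",
    "bob": "bob-pw",
}


def _sign(payload: dict) -> str:
    """Serialise and HMAC the context so the client cannot forge or edit it."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + tag


def _verify(token: str) -> Optional[dict]:
    """Return the signed payload, or None if the token is malformed or tampered."""
    try:
        body_hex, tag = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


def first_factor_ok(user: str, password: str) -> bool:
    """First factor: password check against the constructed store."""
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, password)


def issue_mfa_context(user: str, device_approved: bool, bind_subject: bool) -> Optional[str]:
    """Called after the MFA provider reports that `user`'s device approved.

    bind_subject=False models the flaw: the context says "MFA done" but not for
    whom, so it fits the MFA step of any account. bind_subject=True records the
    subject the second factor was actually completed for.
    """
    if not device_approved:
        return None
    ctx = {"mfa": "done", "nonce": secrets.token_hex(8)}
    if bind_subject:
        ctx["sub"] = user
    return _sign(ctx)


def login(user: str, password: str, mfa_context: str, require_binding: bool) -> bool:
    """Full sign-in: first factor, then a valid MFA context.

    require_binding=True is the check the fix needs: the context must name the
    same subject that just passed the first factor. Without it, an integrity-
    protected context is still accepted for the wrong account.
    """
    if not first_factor_ok(user, password):
        return False
    ctx = _verify(mfa_context)
    if ctx is None or ctx.get("mfa") != "done":
        return False
    if require_binding and ctx.get("sub") != user:
        return False
    return True


def cross_user_context(bind_subject: bool, require_binding: bool) -> bool:
    """Scenario from the post: bob completes his own second factor, and that
    context is presented together with alice's first factor. Returns whether
    alice's sign-in is accepted (True means the bug is present)."""
    bob_ctx = issue_mfa_context("bob", device_approved=True, bind_subject=bind_subject)
    return login("alice", USERS["alice"], bob_ctx, require_binding=require_binding)


def own_context(require_binding: bool) -> bool:
    """Control case: alice completes her own second factor and signs in normally."""
    alice_ctx = issue_mfa_context("alice", device_approved=True, bind_subject=True)
    return login("alice", USERS["alice"], alice_ctx, require_binding=require_binding)


if __name__ == "__main__":
    print("unbound context, no check :", cross_user_context(False, False))  # True  (flaw)
    print("bound context, check      :", cross_user_context(True, True))    # False (fixed)
    print("legitimate user           :", own_context(True))                  # True
```

Two things worth noticing when running it: signing the context is not the fix, since a bound-but-unchecked context (`cross_user_context(True, False)`) is still accepted for the wrong account; the fix is the server-side comparison of the context's subject with the principal who passed the first factor. That is the property to verify in any MFA integration, and the reason the post stresses that the attacker needs the target's password plus their own valid second factor.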


The mitigation

Initiate the update on the AD FS server (or servers).

  • If you're not on automatic updates, use the MSRC table to see which update levels are affected.
