- The vulnerability described allows for strong authentication sequence of a single user to be leveraged for any other users second factor in the same organization – In essence AD FS has* vulnerability discerning single users 2FA for any other users 2FA in the same org.
- In order to completely leverage this vulnerability, the attacker has to be in possession of the targeted users first factor also (assumed password in most cases)
- The vulnerability was not publicly disclosed, it was discovered by OKTA researcher /see OKTA write-up also
- No records exist for recorded exploitation in wild as zero-day vulnerability… But Microsoft rates the likeness of exploitation as second highest, in scale of 0-3 (0 being most likely)
* Unless patched
Initiate update on AD FS server(or servers)
- if you’re not on automatic updates, then use MSRC table to see which update levels are affected: