LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO

1 week ago 16
BOOK THIS SPACE FOR AD
ARTICLE AD

Multi-factor authentication (MFA) has become the backbone of cybersecurity for businesses and individuals, adding an extra layer of protection beyond passwords. However, recent Pen Test Partners (PTP) research has identified a potential bypass method for Microsoft Azure Entra ID, a cloud-based identity and access management solution.

How was the issue discovered?

The issue was identified during a Red Team engagement when researchers acquired Domain Admin privileges on the on-premises Active Directory network but could not access the sensitive data on Azure cloud estate as it required authenticating with Azure Entra ID.

According to their blog post, the researchers then discovered a method where Azure Seamless Single Sign-On (SSO) allowed users to access Azure Entra ID-protected resources without passwords. This was achieved using two TGS tickets:

HTTP/aadg.windows.net.nsatc.net HTTP/autologon.microsoftazuread-sso.com

Bypassing Multi-Factor Authentication on Azure:

The PTP team successfully bypassed Azure’s MFA requirement for SSO by changing the user-agent of a browser. They used a browser that resembled Chrome on Linux but encountered an error message stating MFA was required.

To bypass MFA, they needed to be on a domain-joined machine, which they did via a proxy. However, their legitimate laptop was locked down, and only Edge and Chrome were installed. They downloaded a portable version of Firefox and installed it on the domain-joined laptop and could successfully bypass MFA. 

Root Causes of the Issue

The most common causes of this issue include the addition of a broad bypass to allow automated systems to access Linux without MFA, a misconfiguration of Conditional Access Policies within Entra ID, which dictate when MFA is needed, or an accidental policy disablement. 

The vulnerability is exploitable for specific internal applications, underscoring the importance of proper Entra ID configuration for security. The attack could be repeated to any user, highlighting the importance of strong security measures to protect cloud environments from malicious actors

Organizations can mitigate the threat by using up-to-date conditional access policies, patching regularly, monitoring login attempts for anomalies, and exploring additional security layers like endpoint detection and response (EDR) solutions to address known vulnerabilities and improve overall security.

Mirai botnet exploiting Azure OMIGOD vulnerabilities Microsoft Azure Exploited to Create Undetectable Cryptominer Microsoft warns of Azure vulnerability exposes users to data theft Whitehat hackers accessed primary keys of Azure Cosmos DB users Sensitive source codes exposed in Microsoft Azure Blob account leak
Read Entire Article
  3. Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO

Related

An attorney says she saw her library reading habits reflected in mobile ads. That's not supposed to happen

An attorney says she saw her library reading habits reflected in mobile ads. That's not supposed to happen

Gawd, after that week, we wonder what's next for China and the Western world

Gawd, after that week, we wonder what's next for China and the Western world

How two brothers allegedly swiped $25M in a 12-second Ethereum heist

How two brothers allegedly swiped $25M in a 12-second Ethereum heist

Aussie cops probe MediSecure's 'large-scale ransomware data breach'

Aussie cops probe MediSecure's 'large-scale ransomware data breach'

Friday Squid Blogging: Emotional Support Squid

Friday Squid Blogging: Emotional Support Squid

Feds Bust N. Korean Identity Theft Ring Targeting US Firms

Feds Bust N. Korean Identity Theft Ring Targeting US Firms

Trending

1. Devara
2. Iran
3. RR बनाम KKR
4. Arsenal vs Everton
5. Premier League
6. Rahul Tripathi
7. Sand
8. India
9. Tyson Fury
10. Thailand Open

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved