Bypassing Two-Factor Authentication on OWA & Office365 Portals
Summary
This article from Black Hills Information Security details a method for bypassing two-factor authentication on OWA and Office365 portals. The vulnerability was reported to Microsoft on September 28th, 2016.
IFF Assessment
The article describes a method that can be used to bypass security controls like two-factor authentication, which is detrimental to defenders.
Severity
While not explicitly stated, bypassing multi-factor authentication on sensitive portals like OWA and Office365 typically carries a high severity due to the potential for unauthorized access. A CVSS score of 7.5 (High) is estimated, considering factors like the ability to gain access to user accounts and potentially sensitive data, even if manual interaction is required.
Defender Context
This analysis highlights a critical weakness in the implementation of two-factor authentication on widely used Microsoft services. Defenders should be aware of such bypass techniques and ensure their 2FA configurations are robust and regularly reviewed for potential weaknesses. Monitoring for unusual login patterns or access attempts from compromised credentials is also crucial.