
PoC exploit released for Azure AD brute-force bug—here’s what to do

by Ax Sharma, Ars Technica
(Image credit: Michael Dziedzic)

A public proof-of-concept (PoC) exploit has been released for the Microsoft Azure Active Directory credential brute-forcing flaw discovered by Secureworks and first reported by Ars. The exploit lets anyone perform both username enumeration and password brute-forcing against vulnerable Azure AD tenants. Although Microsoft initially described the Autologon mechanism's behavior as a "design" choice, the company now appears to be working on a solution.

PoC script released on GitHub

Yesterday, a "password spraying" PoC exploit was published for the Azure Active Directory brute-forcing flaw on GitHub. The PowerShell script, just a little over 100 lines of code, is heavily based on previous work by Dr. Nestori Syynimaa, senior principal security researcher at Secureworks.

POC just popped for the SSO spray https://t.co/Ly2AHsR8Mr

- rvrsh3ll (@424f424f) September 29, 2021

According to Secureworks' Counter Threat Unit (CTU), exploiting the flaw, that is, confirming users' passwords by brute force, is quite easy, as the PoC demonstrates. However, organizations that use Conditional Access policies and multi-factor authentication (MFA) can limit the damage by blocking access to services via plain username/password authentication. "So, even when the threat actor is able to get [a] user's password, they may not be [able to] use it to access the organisation's data," Syynimaa told Ars in an email interview.
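The mitigation Syynimaa describes, requiring MFA and blocking password-only (legacy) sign-ins, is ordinarily expressed as Conditional Access policies. The following PowerShell is an added example, not code from the article, from Secureworks or from the PoC; it uses the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns module) and assumes the caller holds the Policy.ReadWrite.ConditionalAccess permission. The policy names (CA001, CA002) are my own. Both policies are created in report-only mode so the sign-in logs can be reviewed before they are enforced. Note that Conditional Access does not stop the brute-forcing itself; it stops a guessed password from being turned into access, which is exactly the point made above.

```powershell
# Added example (not from the Ars article, Secureworks or the PoC): two Conditional
# Access policies, one requiring MFA for all users on all cloud apps and one blocking
# legacy authentication clients, which cannot satisfy an MFA challenge.
# Assumptions: Microsoft.Graph.Identity.SignIns is installed; the signed-in account can
# grant Policy.ReadWrite.ConditionalAccess; policy names CA001/CA002 are placeholders.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Policy 1: every user, every cloud app, MFA required.
# Add a break-glass admin account to excludeUsers before enforcing this in production.
$requireMfa = @{
    displayName   = "CA001 - Require MFA for all users"
    state         = "enabledForReportingButNotEnforced"   # change to "enabled" after review
    conditions    = @{
        users          = @{ includeUsers = @("All") }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

# Policy 2: block legacy (non-modern-auth) clients outright. These client types only
# ever present a username and password, so a guessed password is all an attacker needs.
$blockLegacy = @{
    displayName   = "CA002 - Block legacy authentication"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{ includeUsers = @("All") }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

# Create each policy unless one with the same display name already exists.
$current = Get-MgIdentityConditionalAccessPolicy -All
foreach ($policy in @($requireMfa, $blockLegacy)) {
    $existing = $current | Where-Object { $_.DisplayName -eq $policy.displayName }
    if ($existing) {
        Write-Host "Policy '$($policy.displayName)' already exists (state: $($existing.State))"
        continue
    }
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host "Created '$($created.DisplayName)' ($($created.Id)) in state $($created.State)"
}

# Audit: list every Conditional Access policy that is not actually enforced.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.State -ne "enabled" } |
    Select-Object DisplayName, State
```

After a review period, flip `state` to `enabled` on both policies; until then the tenant's users are still reachable with a password alone, and the audit listing at the end is meant to make that visible.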


Source: Ars Technica, https://arstechnica.com/