New Azure Active Directory password brute-forcing flaw has no fix

New Azure Active Directory password brute-forcing flaw has no fix

3 years ago
Anonymous $WHrWmjSJBZ

https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

Imagine having unlimited attempts to guess someone's username and password without getting caught. That would make an ideal scenario for a stealthy threat actor—leaving server admins with little to no visibility into the attacker's actions, let alone the possibility of blocking them.

A newly discovered bug in Microsoft Azure's Active Directory (AD) implementation allows just that: single-factor brute-forcing of a user's AD credentials. And, these attempts aren't logged on to the server.

Last Seen
26 minutes ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
44 minutes ago
Reputation
0
Spam
0.000
Last Seen
39 minutes ago
Reputation
0
Spam
0.000