Jump to content
osirium

Leveraging Duo Security’s Default Configuration to Bypass Two-Factor Authentication

By osirium, in Securitate web

Recommended Posts

osirium Newbie

osirium

Posted
Posted (edited)

Leveraging Duo Security’s Default Configuration to Bypass Two-Factor Authentication

 

"

Few things are more frustrating as an attacker than running up against widely implemented two-factor authentication (2FA). Even with valid credentials, without a valid two-factor authentication code or push acknowledgement, logging in to a protected service and abusing its capabilities or harvesting information isn’t possible. But what if instead of attacking the application, we first attacked how the two-factor authentication was implemented? In this blog post, we’ll discuss how one particular 2FA solution – by Duo Security – can have its default configuration leveraged to allow a log in without 2FA and how to mitigate against this tactic.

"

 

Source: https://appsecconsulting.com/blog/leveraging-duo-securitys-default-configuration-to-bypass-two-factor-authent

Edited by osirium
  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...