osirium Posted August 24, 2017 Report Share Posted August 24, 2017 (edited) Leveraging Duo Security’s Default Configuration to Bypass Two-Factor Authentication " Few things are more frustrating as an attacker than running up against widely implemented two-factor authentication (2FA). Even with valid credentials, without a valid two-factor authentication code or push acknowledgement, logging in to a protected service and abusing its capabilities or harvesting information isn’t possible. But what if instead of attacking the application, we first attacked how the two-factor authentication was implemented? In this blog post, we’ll discuss how one particular 2FA solution – by Duo Security – can have its default configuration leveraged to allow a log in without 2FA and how to mitigate against this tactic. " Source: https://appsecconsulting.com/blog/leveraging-duo-securitys-default-configuration-to-bypass-two-factor-authent Edited August 24, 2017 by osirium 1 Quote Link to comment Share on other sites More sharing options...
