The following was circulated to our NetSure360° managed service customers on Wednesday 15th August 2018.
Priority: High
Executive Summary: A newly discovered vulnerability in Microsoft’s Active Directory Federation Services (ADFS) lets threat actors bypass multifactor authentication (MFA), if they have full access to another user’s credentials on the same ADFS service.
This means the second factor for one account could be used for all other accounts in an organization.
If an attacker or malicious insider has compromised an existing user’s credentials (First Factor) then this vulnerability lets an attacker bypass the second factor by a legitimate account, or someone who has not activated a second factor. In the latter case, an attacker could simply enrol a second factor on their own device.
Microsoft has patched the flaw on the 14th of August 2018.
Detect: The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.
Prevent: To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors. The latest Microsoft security update corrects how AD FS handles multi-factor authentication requests. [2]
React: Apply vendor provided patches and ensure latest security updates are up to standard.
Sources:
[1] https://www.darkreading.com/threat-intelligence/microsoft-adfs-vulnerability-lets-attackers-bypass-mfa/d/d-id/1332553
[2] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8340
[3] https://www.helpnetsecurity.com/2018/08/14/cve-2018-8340/
[4] https://siliconangle.com/2018/08/14/microsoft-adfs-vulnerability-allows-hackers-bypass-multi-factor-authentication/
