Technology Graphic

New Vulnerability Found in Microsoft ADFS Allows for MFA Bypass

by Will Fulmer, Chief Operating Officer

Microsoft has released a fix for a newly identified flaw in Microsoft Active Directory Federation Services (ADFS). Andrew Lee, a security engineer for Okta Research and Exploitation (REX) discovered the bug, which exposes a potential massive vulnerability within ADFS.

Many organizations use ADFS for identity management and authentication to company resources. Many two-factor authentication mechanisms bolt onto ADFS including Microsoft’s MFA product, along with third party solutions such as Okta, Gemalto, RSA, and SecureAuth. All of these 2FA products are subject to this vulnerability.

This newly discovered exploit would allow for the bypassing of the multifactor authentication prompt, providing the offender has a username and password pair for another user on the same ADFS service. Essentially, this bypass acts as a ‘skeleton key’, allowing for unauthorized and insecure access to resources.

This attack has not yet been seen in the wild, but Microsoft has issued a software update/patch to remove this vulnerability and mitigate this exposure. More information can be found on this link:

Windows Server 2012 R2434389Monthly RollupSecurity Feature BypassImportant4338815
4343888Security Only
Windows Server 2012 R2
(Server Core installation)
4343898Monthly RollupSecurity Feature BypassImportant4338815
4343888Security Only
Windows Server 20164343887Security UpdateSecurity Feature BypassImportant4338814
Windows Server 2016
(Server Core installation)
4343887Security UpdateSecurity Feature BypassImportant4338814
Windows Server, version 1709
(Server Core Installation)
4343897Security UpdateSecurity Feature BypassImportant4338825
Windows Server, version 1803
(Server Core Installation)
4343909Security UpdateSecurity Feature BypassImportant4338819

Please contact Helient if we can assist you with your ADFS and multi-factor environment and remediating this vulnerability.

Thank you for sharing... Share on Facebook
Tweet about this on Twitter
Share on LinkedIn

Connect with Helient