PoC exploit released for Azure AD brute-force bug—here’s what to do

Found 23 days ago at Arstechnica

A public proof of concept PoC exploit has been released for the Microsoft Azure Active Directory credentials brute forcing flaw discovered by Secureworks and first reported by Ars. The exploit enables anyone to perform both username enumeration and password brute forcing on vulnerable Azure servers. Although Microsoft had initially called the Autologon mechanism a design choice, it appears, the...

Read the article at Arstechnica

More Developer News