U.S. government bulletin describes how cyber actors bypassed two-factor authentication implementation

Amy2
Level 5

On March 15, 2022, a US government flash bulletin was published describing how state-sponsored cyber actors were able to exploit certain authentication workflows in combination with the PrintNightmare vulnerability (CVE-2021-34527) to gain administrative access to Windows domain controllers. Once administrative access was established, the attacker was able to change two-factor authentication (2FA) configurations and eventually bypass 2FA to gain access to cloud storage services.

This scenario did not leverage or reveal a vulnerability in Duo software or infrastructure but made use of a combination of configurations in 2FA (in this case Duo 2FA) and Windows native authentication workflows. This scenario can be mitigated through a policy configuration in Duo’s Admin Panel (details in the blog here). Duo recommends reviewing your configuration to make sure it meets your current business and security needs.

This information was provided to Duo customers on March 15 via email.
