Visible to the public "MFA Bypass Bugs Opened Microsoft 365 to Attack"Conflict Detection Enabled

Researchers have found bugs in the multi-factor authentication system used by Microsoft's cloud-based office productivity platform, Microsoft 365. The flaws exist in the implementation of what is called the WS-Trust specification in cloud environments where WS-Trust is enabled and used with Microsoft 365. Researchers say that WS-Trust is an "inherently insecure protocol." Microsoft's implementation of the standard gives attackers a number of ways to bypass multi-factor authentication and access cloud services. The flaws could allow adversaries to carry out various attacks, such as real-time phishing and channel hijacking.

Threatpost reports: "MFA Bypass Bugs Opened Microsoft 365 to Attack"