Security Researchers Uncover FIDO Downgrade Attack in Microsoft Entra ID
By mikece · 9 months ago · 4 min read · News
Summary
Security researchers have identified a new FIDO downgrade attack targeting Microsoft Entra ID, which tricks users into using weaker authentication methods, leaving them vulnerable to phishing and session hijacking. The attack exploits weaker login channels, enabling adversaries to steal session cookies and compromise accounts. While FIDO itself isn't vulnerable, the bypass highlights a significant security flaw.
Key quotes (3 pulled)

"Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking."

"These weaker login channels are vulnerable to adversary-in-the-middle phishing attacks that employ tools like Evilginx, enabling attackers to snatch valid session cookies and hijack the accounts."

"Although the attack doesn't prove a vulnerability in FIDO itself, it shows that the system can be bypassed, which is a crucial weakness."
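The downgrade described above leaves a footprint a defender can look for: an account that has previously authenticated with FIDO2 suddenly completing sign-in with a weaker method, often from an address the account has not used before. The following is an added example, not code from the article or from Microsoft; it runs a simple per-user baseline over constructed sign-in records. The field names (`ts`, `user`, `method`, `ip`), the method labels and the strength ordering in `METHOD_RANK` are assumptions for the example and do not match the real Entra ID sign-in log schema.

```python
"""Flag sign-ins where a user authenticates with a weaker method than the
strongest method previously observed for that account (a possible downgrade).

Assumption: records are simplified sign-in entries with the fields used
below; the real Entra ID sign-in log schema and method names differ.
"""
from collections import defaultdict
from typing import Dict, List

# Lower number = stronger method.  This ordering is an assumption made for
# the example; FIDO2 is the only phishing-resistant method in this list.
METHOD_RANK: Dict[str, int] = {
    "fido2": 0,
    "authenticator_push": 1,
    "sms": 2,
    "password": 3,
}

# Constructed sample records (not real log data).
SAMPLE_SIGNINS: List[dict] = [
    {"ts": "2025-08-10T08:00:00Z", "user": "alice", "method": "fido2", "ip": "203.0.113.10"},
    {"ts": "2025-08-11T08:05:00Z", "user": "alice", "method": "fido2", "ip": "203.0.113.10"},
    {"ts": "2025-08-12T09:30:00Z", "user": "alice", "method": "authenticator_push", "ip": "198.51.100.7"},
    {"ts": "2025-08-10T10:00:00Z", "user": "bob", "method": "sms", "ip": "203.0.113.22"},
    {"ts": "2025-08-11T10:02:00Z", "user": "bob", "method": "sms", "ip": "203.0.113.22"},
    {"ts": "2025-08-12T11:00:00Z", "user": "carol", "method": "fido2", "ip": "203.0.113.30"},
]


def method_name(rank: int) -> str:
    """Reverse lookup from rank to method label."""
    return next(m for m, r in METHOD_RANK.items() if r == rank)


def find_downgrades(signins: List[dict]) -> List[dict]:
    """Return one alert per sign-in whose method is weaker than the strongest
    method that user has used before.  Events are processed in timestamp order
    so the baseline is built only from earlier sign-ins.  Each alert also notes
    whether the source IP is new for that user, which raises the priority."""
    strongest: Dict[str, int] = {}          # user -> best (lowest) rank seen so far
    known_ips = defaultdict(set)            # user -> IPs seen so far
    alerts: List[dict] = []
    for ev in sorted(signins, key=lambda e: e["ts"]):
        rank = METHOD_RANK.get(ev["method"])
        if rank is None:
            continue                        # unknown method label: skip rather than guess
        user = ev["user"]
        prior = strongest.get(user)
        if prior is not None and rank > prior:
            alerts.append({
                "ts": ev["ts"],
                "user": user,
                "method": ev["method"],
                "expected_at_least": method_name(prior),
                "new_ip": ev["ip"] not in known_ips[user],
            })
        # Keep the strongest method as the baseline even after a downgrade,
        # so repeated weak sign-ins keep alerting.
        strongest[user] = rank if prior is None else min(prior, rank)
        known_ips[user].add(ev["ip"])
    return alerts


if __name__ == "__main__":
    for alert in find_downgrades(SAMPLE_SIGNINS):
        print(alert)
```

On the constructed data only alice is flagged: bob has never used anything stronger than SMS, so his sign-ins are not downgrades, and carol's single FIDO2 sign-in sets a baseline without violating it. In practice a tenant that has enrolled FIDO2 keys would pair detection like this with a policy that requires a phishing-resistant authentication strength for the affected users, so the weaker channel is not available to be tricked into.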