PoC script released on GitHub
Yesterday, a “password spraying” PoC exploit was published for the Azure Active Directory brute-forcing flaw on GitHub. The PowerShell script, just a little over 100 lines of code, is heavily based on previous work by Dr. Nestori Syynimaa, senior principal security researcher at Secureworks.
POC just popped for the SSO spray https://t.co/Ly2AHsR8Mr
— rvrsh3ll (@424f424f) September 29, 2021
According to Secureworks’ Counter Threat Unit (CTU), exploiting the flaw, as in confirming users’ passwords via brute-forcing, is quite easy, as demonstrated by the PoC. But, organizations that use Conditional Access policies and multi-factor authentication (MFA) may benefit from blocking access to services via username/password authentication. “So, even when the threat actor is able to get [a] user’s password, they may not be [able to] use it to access the organisation’s data,” Syynimaa told Ars in an email interview.
Read 10 remaining paragraphs | Comments