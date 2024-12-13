Non-human identity management firm Oasis Security has disclosed the details of an attack that allowed its researchers to bypass Microsoft’s multi-factor authentication (MFA) implementation. The attack method, dubbed AuthQuake, was reported to Microsoft in late June and a temporary fix was rolled out a few days later. The tech giant released a permanent fix in October. According to Oasis, the vulnerability, which is described as critical, could have allowed threat actors to bypass Microsoft’s MFA and gain access to accounts — provided that they had the target’s username and password.

