DEF CON 29 Cloud Village – Cassandra Young – Exploiting the O365 Duo 2FA Misconfiguration

A common methodology used by companies to implement Duo 2-factor authentication for O365 can, if not configured properly, result in a loophole that allows mobile clients to authenticate without being prompted. This short talk will provide background on the authentication types involved, show the incomplete configuration, and demonstrate how to exploit using mobile devices.DEFCONConferenceRead More