Multi-factor Authentication (MFA) is a great way to increase security on web applications, remote desktop sessions, VPN, and virtually anywhere a user can log into. By introducing one or more additional factors into the authentication process you can prove somebody actually is who they say they are, and prevent a significant amount of impersonation and credential-based attacks. However, when adopting and implementing MFA technology it is important to understand exactly what it does and does not do, and what security gaps…
The post Bypassing MFA with Pass-the-Cookie appeared first on Insider Threat Security Blog.