FlagThis

Oasis Security researchers discovered a critical vulnerability in Microsoft’s Azure Multi-Factor Authentication (MFA) that allows attackers to bypass it, gaining unauthorized access to user accounts across various Microsoft services. This bypass affects Outlook emails, OneDrive files, Teams chats, and Azure Cloud resources. This vulnerability does not have a CVE ID, highlighting the need for immediate patching. The attack exploits a flaw in the authentication process, allowing for complete account takeover without needing valid MFA credentials.