Accenture researcher undercut WHfB's default authentication using open source Evilginx adversary-in-the-middle (AitM) reverse-proxy attack framework.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

An Accenture researcher discovered a vulnerability in Windows Hello for Business (WHfB) that allows downgrade attacks, enabling threat actors to bypass even biometric protections. Using the Evilginx adversary-in-the-middle attack framework, attackers can intercept and alter authentication requests, downgrading WHfB to less secure methods like passwords or OTPs. Microsoft has since released a fix, introducing a new Conditional Access capability called 'authentication strength,' which forces employees to use only phishing-resistant methods for authentication.

Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication

Authentication Downgrades With Adversary-in-the-Middle

Microsoft's Remediation: New Conditional Access Policy