Azure CLI Password Spray Bypasses MFA

Azure CLI Password Spray

An Azure CLI password spray campaign made more than 81 million login attempts against Microsoft accounts over two weeks and successfully compromised 78 accounts across 64 organizations — a meaningful share of which believed multi-factor authentication already protected them. The attackers did not break MFA. They found a legacy authentication path that most Conditional Access…

Read More