MFASweep
Legacy and Basic Authentication
With Microsoft's off/on intentions to disable legacy and basic authentication methods, is it possible to add support to check for legacy and basic authentication support? These methods do not allow MFA requirements and would fit well with the tool. I understand that you can connect via other methods and see if it is supported, but this is not automated.
To be clear, this is not my area of expertise; so I may be lacking in some of my understanding here. Hence let me know if I am missing something.
Hi @Zamanry,
To check for legacy authentication protocols on O365, threat actors are using the user agent "BAV2ROPC". MFASweep could be updated to support this custom user agent.
Regards
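As an added example (not MFASweep's code and not written by anyone in this thread), here is the defender-side counterpart to the check requested above: a Python script that scans exported Entra ID / Azure AD sign-in log records for legacy-authentication indicators, including the "BAV2ROPC" user agent named in the reply. Field names follow the Microsoft Graph `signIn` resource (`clientAppUsed`, `userAgent`, `authenticationProtocol`, `status.errorCode`); the list of legacy client names is an assumption based on the `clientAppUsed` values the sign-in log uses for basic-auth protocols, and the sample records are constructed.

```python
"""Flag Entra ID / Azure AD sign-ins that used legacy (basic) authentication.

Added example, not part of MFASweep. It reads sign-in records in the shape of
the Microsoft Graph `signIn` resource (as exported from the sign-in log) and
reports the ones that could not have been subject to an MFA prompt: legacy
client protocols, the ROPC grant, and the "BAV2ROPC" user agent from the thread.
"""
from __future__ import annotations

import json

# clientAppUsed values the sign-in log assigns to legacy protocols.
# Assumed list based on the Entra sign-in log schema; extend as your logs require.
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync", "Authenticated SMTP", "IMAP4", "POP3",
    "MAPI Over HTTP", "Outlook Anywhere (RPC over HTTP)", "Exchange Web Services",
    "Autodiscover", "Offline Address Book", "Other clients",
    "Exchange Online PowerShell", "Reporting Web Services", "Universal Outlook",
}

# User agent observed on ROPC-based legacy auth attempts (from the thread above).
SUSPICIOUS_USER_AGENTS = {"BAV2ROPC"}

# Constructed sample export: four sign-ins, one modern and three legacy-style.
SAMPLE_SIGNINS = json.dumps([
    {"userPrincipalName": "alice@example.test", "clientAppUsed": "Browser",
     "userAgent": "Mozilla/5.0 (Windows NT 10.0)", "authenticationProtocol": "oAuth2",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.test", "clientAppUsed": "IMAP4",
     "userAgent": "", "authenticationProtocol": "none",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@example.test", "clientAppUsed": "Other clients",
     "userAgent": "BAV2ROPC", "authenticationProtocol": "ropc",
     "status": {"errorCode": 50126}},   # 50126: invalid username or password
    {"userPrincipalName": "dave@example.test",
     "clientAppUsed": "Mobile Apps and Desktop clients",
     "userAgent": "BAV2ROPC", "authenticationProtocol": "ropc",
     "status": {"errorCode": 0}},
])


def load_signins(text: str) -> list[dict]:
    """Parse a JSON array of sign-in records (the shape the log export produces)."""
    records = json.loads(text)
    if not isinstance(records, list):
        raise ValueError("expected a JSON array of sign-in records")
    return records


def legacy_auth_reasons(record: dict) -> list[str]:
    """Return every indicator showing this sign-in bypassed modern auth (empty if none)."""
    reasons: list[str] = []
    client = record.get("clientAppUsed") or ""
    if client in LEGACY_CLIENT_APPS:
        reasons.append(f"legacy client app: {client}")
    user_agent = record.get("userAgent") or ""
    if user_agent in SUSPICIOUS_USER_AGENTS:
        reasons.append(f"user agent: {user_agent}")
    if record.get("authenticationProtocol") == "ropc":
        # ROPC is a username/password grant; it cannot complete an interactive MFA prompt.
        reasons.append("protocol: ROPC grant (no interactive MFA possible)")
    return reasons


def find_legacy_auth_signins(records: list[dict]) -> list[dict]:
    """Return one finding per flagged sign-in, noting whether the attempt succeeded."""
    findings = []
    for record in records:
        reasons = legacy_auth_reasons(record)
        if not reasons:
            continue
        error_code = (record.get("status") or {}).get("errorCode", 0)
        findings.append({
            "user": record.get("userPrincipalName", "<unknown>"),
            "succeeded": error_code == 0,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in find_legacy_auth_signins(load_signins(SAMPLE_SIGNINS)):
        state = "SUCCESS" if finding["succeeded"] else "failed"
        print(f"{finding['user']:24} {state:8} {'; '.join(finding['reasons'])}")
```

Point `load_signins` at a real export of the sign-in log to see which accounts still authenticate over IMAP, POP, SMTP or ActiveSync before basic authentication is switched off; successful entries are the dependencies to migrate, while failed ROPC attempts with the BAV2ROPC user agent are the ones worth alerting on.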
Nice find! Also, looks like Microsoft is fully removing Basic Authentication in Exchange Online. They previously had disabled it by default, but didn't remove the feature which had some people enabling it again. https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online