CredMaster
o365 plugin does not work anymore
Hello,
I recently found out that the o365 module uses the autodiscover login (https://autodiscover-s.outlook.com) with BasicAuth to do the spraying. Recently, Microsoft has blocked Basic Auth authentication on all tenants (see https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online).
Are there plans to change the login method used by the module to fix this?
Thanks
Interesting. I opened a similar issue: https://github.com/knavesec/CredMaster/issues/67. Do you think what I am seeing is because of what actually Microsoft implemented?
Confirming here that with valid creds Credmaster still says authentication failed using the o365 plugin.
I think the best alternative is to use the MSOL plugin.
The MSOL and AzureSSO plugins still work. However, both trigger Smart Lockout after about 10 failed logins, which the o365 plugin did not. It's a shame; it appears the era of easy Microsoft spraying is over (unless anyone else has found a way to bypass Smart Lockout that I've missed).
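The Smart Lockout behaviour described above is visible in the error code the Entra ID (Azure AD) token endpoint returns, and a spray loop can use it to stop before burning more attempts. The following is an added example, not CredMaster's own code and not from any participant in this thread: it classifies token-endpoint responses by their AADSTS code (Microsoft's documented codes; AADSTS50053 is the lockout one, and codes such as AADSTS50076 are only reached after the password was accepted) and aborts once a lockout is seen. All JSON bodies are constructed samples shaped like real responses, and the `max_lockouts` threshold is an arbitrary choice for illustration.

```python
"""
Classify responses from the Entra ID (Azure AD) OAuth2 token endpoint so a
spray run can tell a wrong password from Smart Lockout and stop early.

Added example, not CredMaster's own code. AADSTS codes are Microsoft's
documented error codes; every JSON body below is a constructed sample.
"""
import json
import re
from enum import Enum


class Outcome(Enum):
    VALID = "valid credentials"       # token issued, or an error only a correct password reaches
    INVALID = "invalid credentials"
    LOCKED = "smart lockout"          # AADSTS50053: further guesses are wasted and noisy
    DISABLED = "account disabled"
    NO_USER = "user does not exist"
    UNKNOWN = "unclassified response"


# Errors that Entra ID only returns after the password itself was accepted.
_VALID_AFTER_PASSWORD = {
    "AADSTS50076",  # MFA required
    "AADSTS50079",  # MFA enrollment required
    "AADSTS50158",  # external security challenge (third-party MFA)
    "AADSTS53003",  # blocked by Conditional Access policy
    "AADSTS50055",  # password expired
}
_CODE_RE = re.compile(r"AADSTS\d+")


def classify(status_code: int, body: str) -> Outcome:
    """Map one HTTP status + JSON body from /oauth2/v2.0/token to an Outcome."""
    try:
        data = json.loads(body)
    except ValueError:
        return Outcome.UNKNOWN
    if not isinstance(data, dict):
        return Outcome.UNKNOWN
    if status_code == 200:
        return Outcome.VALID if "access_token" in data else Outcome.UNKNOWN
    match = _CODE_RE.search(data.get("error_description", ""))
    code = match.group(0) if match else ""
    if code == "AADSTS50053":
        return Outcome.LOCKED
    if code in _VALID_AFTER_PASSWORD:
        return Outcome.VALID
    if code == "AADSTS50126":
        return Outcome.INVALID
    if code == "AADSTS50057":
        return Outcome.DISABLED
    if code == "AADSTS50034":
        return Outcome.NO_USER
    return Outcome.UNKNOWN


def spray_with_guard(responses, max_lockouts=1):
    """
    Walk (user, status, body) tuples as a spray loop would see them.
    Stops as soon as `max_lockouts` accounts report Smart Lockout: the tenant
    is counting our failures, so continuing only locks more users and alerts
    the blue team. Returns (per-user outcomes, aborted?).
    """
    results = {}
    lockouts = 0
    for user, status, body in responses:
        outcome = classify(status, body)
        results[user] = outcome
        if outcome is Outcome.LOCKED:
            lockouts += 1
            if lockouts >= max_lockouts:
                return results, True
    return results, False


# Constructed sample bodies shaped like real token-endpoint responses.
SAMPLES = {
    "token":   '{"token_type":"Bearer","access_token":"eyJ0eXAi.constructed"}',
    "invalid": '{"error":"invalid_grant","error_description":"AADSTS50126: Error validating credentials due to invalid username or password. Trace ID: 00000000-0000-0000-0000-000000000000"}',
    "locked":  '{"error":"invalid_grant","error_description":"AADSTS50053: You have tried to sign in too many times with an incorrect user ID or password."}',
    "mfa":     '{"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access."}',
    "nouser":  '{"error":"invalid_grant","error_description":"AADSTS50034: The user account does not exist in the directory."}',
}

if __name__ == "__main__":
    run = [
        ("alice@example.com", 400, SAMPLES["invalid"]),
        ("bob@example.com",   400, SAMPLES["mfa"]),
        ("carol@example.com", 400, SAMPLES["locked"]),
        ("dave@example.com",  400, SAMPLES["invalid"]),  # never reached: loop aborted
    ]
    outcomes, aborted = spray_with_guard(run)
    for user, outcome in outcomes.items():
        print(f"{user:20} {outcome.value}")
    print("aborted on Smart Lockout" if aborted else "completed")
```

Treating AADSTS50076 and friends as "valid" is what makes a spray useful even when MFA is enforced: the password was right even though no token came back. The abort-on-lockout guard is deliberately conservative; with a real tenant the right move after a lockout is to wait out the lockout window rather than rotate to another account, since the counter is per account but the event is what gets noticed.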
Hey everyone, you're all correct, it does appear that the o365 plugin is dead, may it rest in peace. I'll update the docs and plugin details to reflect this and close this issue when complete
Tagging all those above: @TwistedSim @alecmoran1 @LukeLauterbach @kpomeroy1979 @TheToddLuci0
Would the community prefer this plugin be simply removed, have a big "WARNING" sign upon running (but still running as usual), or just run with an error message stating "this plugin is no longer supported, see MS docs: here"
According to Microsoft, no one can enable the Basic Authentication on any tenant:
Now no one (you or Microsoft support) can re-enable Basic authentication in your tenant
Not sure it's worth keeping since it should not work on any tenant.
Repo updated to remove the o365 plugin. o365enum still works so nothing touched there
cf21775
https://github.com/knavesec/CredMaster/wiki/O365