There is also an MFA bypass that I see often: the Resource Owner Password Credentials (ROPC) flow in OAuth.
Especially when you have a Microsoft M365/Azure tenant. Pretty much every client that I have ever tested had this issue. When ROPC is configured (which is the default), then you can just use a simple password to log on (and it bypasses MFA).
I see this a lot too. It makes password spraying very easy. I don't see anything in the article about remediation. Do you have any info for disabling it?
More details and a tool to test your own tenant: https://embracethered.com/blog/posts/2022/ropci-so-you-think...
If you use M365/Azure, test and see if you can log on without MFA; you might be surprised.
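As an added defender-side example (not code from the comments above or from the linked tool): a Python script that scans constructed Entra ID sign-in records for ROPC sign-ins that completed with only a password, and for the per-IP, many-accounts failure pattern that a password spray leaves behind. The field names (`authenticationProtocol`, `status.errorCode`, `ipAddress`, `userPrincipalName`) are assumed to follow the Microsoft Graph `signIn` schema; the records themselves are made up.

```python
# Constructed sample sign-in records (not real tenant data). Field names are
# assumed to match the Microsoft Graph signIn resource; adjust if your export
# differs. errorCode 0 = success, 50126 = invalid username or password.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2024-05-01T08:00:01Z", "userPrincipalName": "alice@example.test",
     "ipAddress": "203.0.113.10", "authenticationProtocol": "ropc",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2024-05-01T08:00:02Z", "userPrincipalName": "bob@example.test",
     "ipAddress": "198.51.100.7", "authenticationProtocol": "ropc",
     "status": {"errorCode": 50126}},
    {"createdDateTime": "2024-05-01T08:00:03Z", "userPrincipalName": "carol@example.test",
     "ipAddress": "198.51.100.7", "authenticationProtocol": "ropc",
     "status": {"errorCode": 50126}},
    {"createdDateTime": "2024-05-01T08:00:04Z", "userPrincipalName": "dave@example.test",
     "ipAddress": "198.51.100.7", "authenticationProtocol": "ropc",
     "status": {"errorCode": 50126}},
    {"createdDateTime": "2024-05-01T08:00:05Z", "userPrincipalName": "eve@example.test",
     "ipAddress": "203.0.113.11", "authenticationProtocol": "authorizationCode",
     "status": {"errorCode": 0}},
]


def _is_ropc(record):
    return record.get("authenticationProtocol") == "ropc"


def _failed(record):
    return record.get("status", {}).get("errorCode", 0) != 0


def ropc_successes(signins):
    """ROPC sign-ins that succeeded: these were completed with a password alone,
    so no MFA prompt was involved. Each one is a sign-in to review."""
    return [s for s in signins if _is_ropc(s) and not _failed(s)]


def spray_candidates(signins, threshold=3):
    """Map source IP -> number of distinct accounts it failed ROPC auth against.
    One IP failing across many accounts is the shape of a password spray."""
    failed_users = {}
    for s in signins:
        if _is_ropc(s) and _failed(s):
            failed_users.setdefault(s["ipAddress"], set()).add(s["userPrincipalName"])
    return {ip: len(users) for ip, users in failed_users.items() if len(users) >= threshold}


if __name__ == "__main__":
    for s in ropc_successes(SAMPLE_SIGNINS):
        print("ROPC success without MFA:", s["userPrincipalName"], "from", s["ipAddress"])
    for ip, n in spray_candidates(SAMPLE_SIGNINS).items():
        print("possible spray:", ip, "failed against", n, "accounts")
```

Point it at a Graph sign-in export instead of `SAMPLE_SIGNINS` to run it against a real tenant; a successful ROPC sign-in in the output is exactly the "logged on without MFA" case the comment describes.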