dafthack/MFASweep

Legacy and Basic Authentication

Zamanry opened this issue · 2 comments

With Microsoft's off/on intentions to disable legacy and basic authentication methods, is it possible to add support to check for legacy and basic authentication support? These methods do not allow MFA requirements and would fit well with the tool. I understand that you can connect via other methods and see if it is supported, but this is not automated.

To be clear, this is not my area of expertise, so I may be lacking in some of my understanding here. Hence, let me know if I am missing something.

Hi @Zamanry,

To check for legacy authentication protocols on O365, threat actors are using the user agent "BAV2ROPC". MFASweep could be updated to support this custom user agent.

Regards
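Detection view of the same point, as an added example that is not part of this issue thread or of MFASweep: a small Python script that scans sign-in records for legacy (basic) authentication, flagging both the "BAV2ROPC" user agent mentioned above and any `clientAppUsed` value that is not a modern-auth client. The sample records are constructed; their field names follow the Microsoft Graph `signIn` resource (`userPrincipalName`, `clientAppUsed`, `userAgent`, `status.errorCode`), but that mapping is an assumption and a real export may need adjusting.

```python
import json
from typing import Iterable

# Constructed sample sign-in records (newline-delimited JSON), shaped like
# Microsoft Entra ID sign-in log entries. Field names are an assumption.
SAMPLE_SIGNINS = """\
{"createdDateTime": "2023-01-10T08:01:12Z", "userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10", "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Windows NT 10.0)", "status": {"errorCode": 0}}
{"createdDateTime": "2023-01-10T08:02:45Z", "userPrincipalName": "bob@example.com", "ipAddress": "198.51.100.7", "clientAppUsed": "Other clients", "userAgent": "BAV2ROPC", "status": {"errorCode": 0}}
{"createdDateTime": "2023-01-10T08:03:01Z", "userPrincipalName": "bob@example.com", "ipAddress": "198.51.100.7", "clientAppUsed": "IMAP4", "userAgent": "", "status": {"errorCode": 50126}}
{"createdDateTime": "2023-01-10T08:04:30Z", "userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.55", "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Outlook-iOS/2.0", "status": {"errorCode": 0}}
{"createdDateTime": "2023-01-10T08:05:02Z", "userPrincipalName": "dave@example.com", "ipAddress": "198.51.100.7", "clientAppUsed": "Exchange ActiveSync", "userAgent": "Apple-iPhone/1.0", "status": {"errorCode": 0}}
"""

# clientAppUsed values that go through modern authentication (and so can be
# subject to MFA). Everything else (IMAP4, POP3, SMTP, ActiveSync, "Other
# clients", ...) is a legacy protocol that bypasses MFA requirements.
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}

# User agent presented by clients using the legacy username/password (ROPC) flow.
LEGACY_USER_AGENT_MARKER = "BAV2ROPC"


def is_legacy_auth(record: dict) -> bool:
    """True when a sign-in record used a legacy protocol or the BAV2ROPC agent."""
    client_app = record.get("clientAppUsed", "")
    user_agent = record.get("userAgent") or ""
    return client_app not in MODERN_CLIENT_APPS or LEGACY_USER_AGENT_MARKER in user_agent


def find_legacy_signins(lines: Iterable[str]) -> list[dict]:
    """Parse NDJSON sign-in lines and return a normalised finding per legacy-auth record."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        if not is_legacy_auth(record):
            continue
        findings.append({
            "time": record.get("createdDateTime"),
            "user": record.get("userPrincipalName"),
            "ip": record.get("ipAddress"),
            "client_app": record.get("clientAppUsed"),
            "user_agent": record.get("userAgent"),
            # errorCode 0 means the sign-in succeeded; anything else is a failure.
            "succeeded": record.get("status", {}).get("errorCode", 0) == 0,
        })
    return findings


def successful_legacy_users(findings: list[dict]) -> list[str]:
    """Users who actually got in over legacy auth: the accounts to remediate first."""
    return sorted({f["user"] for f in findings if f["succeeded"]})


if __name__ == "__main__":
    hits = find_legacy_signins(SAMPLE_SIGNINS.splitlines())
    for h in hits:
        state = "SUCCESS" if h["succeeded"] else "failed"
        print(f'{h["time"]} {h["user"]:<18} {h["ip"]:<14} {h["client_app"]:<22} '
              f'ua={h["user_agent"]!r} {state}')
    print("Users with successful legacy-auth sign-ins:", successful_legacy_users(hits))
```

On the constructed input this flags three records (two for bob, one for dave) and reports bob and dave as accounts that successfully authenticated without modern auth; in practice the same filter can be run over an exported sign-in log, or expressed as a Log Analytics query, to find which accounts and protocols still depend on basic authentication before it is removed.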

Nice find! Also, looks like Microsoft is fully removing Basic Authentication in Exchange Online. They previously had disabled it by default, but didn't remove the feature which had some people enabling it again. https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online