New exploit shows two-factor authentication is also vulnerable

KnowBe4's Chief Hacking Officer Kevin Mitmil had recently explained about an exploit that allowed him to easily bypass the two-factor authentication (2FA).

    Privacy has always been a major concern among the users while surfing the web. With the rise in numbers of e-commerce portals and countries' own effort for a digital India, the use of various modes of authentication is also quite evident these days. We all know about the various digital wallet companies that use two-factor authentication for data protection.

    New exploit shows two-factor authentication is also vulnerable

    Although, the two-factor authentication might sound foolproof solution, however, this is not the case. As per security awareness training provider, KnowBe4's Chief Hacking Officer Kevin Mitmil had recently explained about an exploit that allowed him to easily bypass the two-factor authentication (2FA). It is being reported that the hack was demonstrated in a public video that showcased Mitnick convincing a victim to visit a domain that was an imitation to capture their login details along with 2FA authentication code.

    Also, by using the exploit, Mitnick was able to use the credential on the actual website. He was also able to capture the session cookie in order to login indefinitely. Further, Mitnick also used time two-factor authentication in order to trick a login and get all the authentication data. CEO of KnowBe4 Stu Sjouwerman quoted on the same stating:

    Xiaomi's Global Mi Home Experience Store in Delhi: Products Rundown

    "A white hat hacker friend of Kevin's developed a tool to bypass two-factor authentication using social engineering tactics - and it can be weaponized for any site...Two-factor authentication is intended to be an extra layer of security, but in this instance, we clearly see that you can't rely on it alone to protect your organizations."

    New exploit shows two-factor authentication is also vulnerable

    It is being reported that the tool called evilginx, was first developed by a white hat hacker Kuba Gretzky and it has been detailed in a post on his website. As the tool was publically demonstrated, Sjouwerman has estimated that hackers might begin to use it in the next few weeks. He has further urged the users and IT managers to toughen up their security protocols in order to prevent any security breaches.

    India's LARGEST EVER political poll. Have you participated yet?
    Opinion Poll
    X

    Stay updated with latest technology news & gadget reviews - Gizbot

    We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and ad networks. Such third party cookies may track your use on Gizbot sites for better rendering. Our partners use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on Gizbot website. However, you can change your cookie settings at any time. Learn more