Tag
#mfa
3 posts tagged #mfa.
-
Field Note · Jul 5, 2026 · Colten Anderson
Russian intelligence turned off an NGO's MFA with a text file
AA22-074A didn't beat multi-factor auth with an exploit. It made the MFA server unreachable and let the fail-open default do the rest. Here's the twenty-minute audit that tells you whether yours would do the same.
-
Analysis · Jul 5, 2026 · Colten Anderson
Nobody broke your MFA. They took the token it handed out.
Across four theft vectors and a half-dozen named campaigns, the pattern is the same: the session cookie, refresh token, or Entra PRT minted after MFA is the live credential, and the controls that guard the login don't guard the session.
-
Analysis · May 25, 2026 · Colten Anderson
SonicWall patched CVE-2024-12802 and left the bug in place on Gen6
The firmware update closes the code path but does not rewrite the LDAP config the exploit actually uses. On Gen6, that distinction is the whole vulnerability.