On Vulnerabilities Disclosed in Microsoft Exchange Web Services
On November 2nd, researchers from Black Hills Information Security disclosed a technique for bypassing multi-factor authentication on Outlook Web Access. To be clear, this is not a vulnerability or defect in Duo’s service, but rather, it is a defect in Microsoft Exchange Web Services.