Hacker Kevin Mitnick shows how to bypass two-factor authentication
A major exploit allows hackers to spoof two-factor authentication
applications by sending a user to a fake login page and then keeping the
username, password, and session cookie.
KnowBe4 is a security awareness training provider and phishing firm with a
massive client base of 17,000 organizations across the world.
KnowBe4's Chief Hacking Officer, Kevin Mitnick, showed in a public video
how hackers can spoof two-factor authentication. By persuading a victim to
visit a typo-squatting domain like “Lunked.com” and capturing the login,
password, and authentication code, the hacker can pass the credentials to
the actual site and capture the session cookie. Once this is done, the
hacker can log in frequently. The attack uses the one-time 2FA code itself
as a way to spoof a login and grab data.
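A defensive check for the typo-squatting step described above, as an added example that is not from the original article or from KnowBe4: it flags observed hostnames (for instance from proxy or DNS logs) whose registrable domain is a near-miss of a protected login domain. The domain `examplebank.com`, the sample hostnames, the confusable-character list and the distance threshold are constructed assumptions.

```python
# Added example: flag look-alike (typo-squatting) domains among observed hostnames.
# All domains and hostnames below are constructed; none come from the article.
PROTECTED = ["examplebank.com"]  # hypothetical login domain(s) to defend
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]  # look-alike sequences
SAMPLE_HOSTS = ["www.examplebank.com", "exarnplebank.com", "login.exampelbank.com",
                "examp1ebank.com", "news.example.org"]

def registrable(host):
    """Naive registrable domain: last two labels (assumes a one-label suffix)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def fold(name):
    """Collapse visually confusable sequences so 'exarnple' folds to 'example'."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name

def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalikes(hosts, protected=PROTECTED, max_distance=2):
    """Return (host, protected_domain, distance) for each suspicious host."""
    hits = []
    for host in hosts:
        domain = registrable(host)
        for good in protected:
            if domain == good:
                continue  # the real site, including its subdomains
            dist = osa_distance(fold(domain), fold(good))
            if dist <= max_distance:
                hits.append((host, good, dist))
    return hits

if __name__ == "__main__":
    for hit in lookalikes(SAMPLE_HOSTS):
        print(hit)
```

A distance of 0 after folding means the name differs from the protected domain only by look-alike characters; suffixes such as `co.uk` need a public-suffix list instead of the two-label shortcut used here.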
“A white hat hacker friend of Kevin’s developed a tool to bypass
two-factor authentication using social engineering tactics – and it can
be weaponized for any site,” said Stu Sjouwerman, KnowBe4 CEO.
“Two-factor authentication is intended to be an extra layer of security,
but in this instance, we clearly see that you can’t rely on it alone to
protect your organization.”
Tool for bypassing two-factor authentication