Root Causes 214: New DUO MFA Flaw Explained

A recent FBI warning cautions organizations about exploits based on misconfigured DUO MFA, which exploits weaknesses in Active Directory to provision credentials on DUO for malicious parties. This is an unusual story in several ways, including the fact that the exploit is based on a configuration error and that it's specific to a single, popular SaaS offering. Our hosts explain this exploit and why it is noteworthy.