jemikwa@lemmy.blahaj.zone to Cybersecurity@sh.itjust.works • MFA soon compulsory for AWS users, passwordless authentication an option • English
4 · 4 months ago

It says in the article that this won’t apply to org member accounts yet, but I wonder how it’ll work eventually. Member accounts created via account factory don’t even have a password, so you have to go through email account recovery to set one and then set up MFA. If this only applies to root users with passwords, that’s fine, otherwise I hope account factory will get a way to set up PW/MFA on a generated root user.

Sounds like it’s something client side or specific to Microsoft’s O365/outlook.com servers. Could be the exploit bypasses header verdicts for SPF/DKIM/DMARC.