LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

How MFA can be bypassed by a push notification

View organization page for Rapid7

199,436 followers

1w

📱 MFA is often touted as a cure-all for data breaches. But a well-timed push notification might be all that a malicious actor needs to get a foothold. In a new PenTales blog, a Rapid7 expert details how they gained access to an established university's systems – all thanks to one unsuspecting professor: http://xmrrwallet.com/cmx.pr-7.co/3IMdcaK

Weak passwords, Weaker MFA Protocols, and One Absent-Minded Professor

Weak passwords, Weaker MFA Protocols, and One Absent-Minded Professor rapid7.com

2 Comments

Trevor Christiansen, graphic

Trevor Christiansen

Application Penetration Tester

1w

Love this

Chip Lewis, graphic

Manager, Security and Compliance, PCI-ASV, CISSP

1w

This was a great read. Using both known vulnerabilities and weaknesses like open ports to gain access.

See more comments

To view or add a comment, sign in

Rapid7

199,436 followers

View Profile Follow

More from this author

Explore topics