Skip to main content
Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

New Downgrade Attack Can Bypass FIDO Auth in Microsoft Entra ID

Summary by BleepingComputer
Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking.

7 Articles

BleepingComputerBleepingComputer
Center

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking.

Read Full Article
Techzine EuropeTechzine Europe

Microsoft Entra ID attack weakens authentication

New FIDO downgrade attack threatens Microsoft Entra ID by forcing users to use weaker authentication, enabling phishing.

Read Full Article
cybernoz.comcybernoz.com

New Downgrade Attack Can Bypass FIDO Auth In Microsoft Entra ID - Cybernoz - Cybersecurity News

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. These weaker login channels are vulnerable to adversary-in-the-middle phishing attacks that employ tools like Evilginx, enabling attackers to snatch valid session cookies and hijack the accounts. Although the attack doesn’t prove a vuln…

Read Full Article
GBHackers On SecurityGBHackers On Security
Reposted by
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

Hackers Deploy Dedicated Phishlet for FIDO Authentication Downgrade Attacks

Proofpoint researchers have uncovered a novel technique allowing threat actors to bypass FIDO-based authentication through downgrade attacks, leveraging a custom phishlet within adversary-in-the-middle (AiTM) frameworks. This method exploits gaps in browser compatibility and user agent handling, forcing victims to revert to less secure multi-factor authentication (MFA) mechanisms, thereby enabling credential theft and session hijacking. While [……

Read Full Article
Mobile ID WorldMobile ID World

FIDO Passkey Security Flaw Enables Authentication Downgrade Attacks

A newly discovered vulnerability in FIDO passkey authentication systems allows attackers to bypass their phishing-resistant security by forcing authentication through less secure legacy methods. The downgrade attack exploits inconsistent passkey support across different operating systems and browsers, potentially enabling adversary-in-the-middle (AiTM) phishing attacks. The discovery comes at a critical time when major technology companies like …

Read Full Article
it-daily.netit-daily.net

Fido Authentication Thwarted by Downgrade Attack

FIDO is considered to be particularly safe against phishing – but researchers have now discovered a gap that can eliminate even strong passkey authentication. A targeted downgrade technique could force attackers to use unsafe login methods. The risk is growing with the spread of FIDO. Proofpoint covers downgrade gap in FIDO to cybersecurity experts from Proofpoint have found a way to bypass FIDO authentication. "FIDO is synonymous with "Fast Ide…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

it-daily.net broke the news in on Wednesday, August 13, 2025.
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

News
For You
SearchBlindspotLocal