A public proof of concept PoC exploit has been released for the Microsoft Azure Active Directory credentials brute forcing flaw discovered by Secureworks and first reported by Ars. The exploit enables anyone to perform both username enumeration and password brute forcing on vulnerable Azure servers. Although Microsoft had initially called the Autologon mechanism a design choice, it appears, the company is now working on a solution. Yesterday, a password spraying PoC exploit was published for...

Read the full article at Arstechnica