Adding to the vulnerability reported in
https://pitstop.manageengine.com/portal/en/community/topic/adssp-mobile-app-does-not-follow-the-mfa-for-reset-unlock
The enabled setting:
Self-Service > Multi-factor Authentication > MFA for Reset/Unlock > MFA for ADSelfService Plus Login
When using Change Password in the web browser of a laptop/desktop, this brings up an MFA option to go through, which is good and needed.
However, when performing Change Password from the mobile app, there is no MFA requested. After login it takes you straight to the Change Password page. This is a vulnerability when ADSSP is made available on the public network.