Top Voted Ideas: Last 30 Days
implement rate-limiting on the push notification to overcome the attack of overwhelming push notifications with Smartphone method
8
Idea ID: 2874131

Protect accessing to Network Share with MFA.

Mtrix GmbH Mtrix GmbH
Status : New Idea

For now it is possible to bypass AA Windows Client Credentials Provider when accessing Network Share from machine where AA Client installed. 

How to reproduce:

--

1. Make sure that AA Client installed on machine you accessing Netwotk Share from. 

2. e.g. open "This Computer"

3. Input Shared resource path into as address 

4. Press "Enter"

5. Windows Security windows pop ups

6. It is possible to input only username name and password with no MFA

Parents
  •  

    The suggestion is that security groups could be implemented with the Logon filter installed on the Domain Controller. Only authorized accounts should belong to the security group and to become a member of this security group should follow a strict request/approval workflow.

Comment
  •  

    The suggestion is that security groups could be implemented with the Logon filter installed on the Domain Controller. Only authorized accounts should belong to the security group and to become a member of this security group should follow a strict request/approval workflow.

Children
  •   in reply to Bruno Ubisse

    Hi Bruno,

    Thanks for idea, but as I know AA Logon Filter is not "popular" component. Moreover, AA guide says that the main goal of AA Logon Filter is "..prevent users to log in without the Advanced Authentication Windows Client.". But it is possible to bypass MFA with AA Windows Client installed.

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.