Skip to content

Hide Navigation Hide TOC

Potential MFA Bypass Using Legacy Client Authentication (53bb4f7f-48a8-4475-ac30-5a82ddfdf6fc)

Detects successful authentication from potential clients using legacy authentication via user agent strings. This could be a sign of MFA bypass using a password spray attack.

Cluster A Galaxy A Cluster B Galaxy B Level
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Potential MFA Bypass Using Legacy Client Authentication (53bb4f7f-48a8-4475-ac30-5a82ddfdf6fc) Sigma-Rules 1
Potential MFA Bypass Using Legacy Client Authentication (53bb4f7f-48a8-4475-ac30-5a82ddfdf6fc) Sigma-Rules Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 2