Red Hot Cyber


FIDO Downgrade Attacks, a New Authentication Threat

Redazione RHC : 21 August 2025 18:26

Proofpoint researchers have identified a sophisticated downgrade attack that could bypass FIDO-based authentication, exposing targets to adversary-in-the-middle (AiTM) threats.
These are some of the researchers' key findings:

  • Using a dedicated “phishlet,” attackers could downgrade FIDO-based authentication to less secure methods, exposing targets to adversary-in-the-middle (AiTM) threats.
  • This attack exploits a seemingly insignificant gap in functionality, where not all web browsers support the “passkey” authentication method (FIDO2) with Microsoft Login ID, allowing attackers to spoof an unsupported “user agent” and force a less secure authentication method.
  • Although technically possible, Proofpoint researchers have not yet observed FIDO authentication downgrade attacks “in the wild,” with attackers’ focus remaining on accounts with other MFA methods or no MFA methods at all.
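
As an added illustration from the defender's side (not code from the article or from Proofpoint), the following Python sketch flags sign-ins where a user who has a FIDO2/passkey method registered authenticated with a weaker fallback instead, and additionally notes when the client User-Agent has never appeared on one of that user's FIDO sign-ins, which is the signal a spoofed user agent would leave. The record fields and the sample sign-ins are constructed assumptions, not a real identity provider's log schema.

```python
from collections import defaultdict

STRONG = {"fido2", "passkey"}              # phishing-resistant methods
WEAK = {"otp", "sms", "push", "password"}  # fallbacks an AiTM proxy can relay

# Constructed sample sign-in records (hypothetical field names, not a real IdP schema).
SIGNINS = [
    {"user": "alice", "registered": {"fido2", "push"}, "used": "fido2",
     "result": "success", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/128"},
    {"user": "alice", "registered": {"fido2", "push"}, "used": "push",
     "result": "success", "ua": "Mozilla/5.0 (Linux; Android 4.4) Safari/537"},
    {"user": "bob", "registered": {"push"}, "used": "push",
     "result": "success", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/128"},
    {"user": "carol", "registered": {"passkey", "otp"}, "used": "passkey",
     "result": "success", "ua": "Mozilla/5.0 (Macintosh) Safari/605"},
    {"user": "carol", "registered": {"passkey", "otp"}, "used": "otp",
     "result": "success", "ua": "Mozilla/5.0 (Macintosh) Safari/605"},
]

def baseline_user_agents(records):
    """User-Agent strings each user has used for a successful FIDO sign-in."""
    base = defaultdict(set)
    for r in records:
        if r["used"] in STRONG and r["result"] == "success":
            base[r["user"]].add(r["ua"])
    return base

def find_downgrades(records):
    """Return sign-ins where a FIDO-capable user fell back to a weaker method.

    Each hit carries the reasons it was flagged. A hit whose User-Agent was
    never seen on this user's FIDO sign-ins is the stronger signal, because
    presenting an unsupported client is how the downgrade is forced."""
    base = baseline_user_agents(records)
    hits = []
    for r in records:
        if not (r["registered"] & STRONG) or r["used"] not in WEAK:
            continue
        reasons = ["FIDO method registered but weaker method used"]
        if r["ua"] not in base.get(r["user"], set()):
            reasons.append("User-Agent never seen on this user's FIDO sign-ins")
        hits.append({"user": r["user"], "used": r["used"], "ua": r["ua"], "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in find_downgrades(SIGNINS):
        print(hit["user"], hit["used"], "|", "; ".join(hit["reasons"]))
```

In production the baseline should be built from sign-ins that precede the one being scored, so that a fresh downgrade cannot contaminate its own reference set.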

Despite the lack of observed use by threat actors, Proofpoint considers FIDO authentication downgrade attacks to be a significant emerging threat. These attacks could be conducted by sophisticated adversaries and APTs (particularly state-sponsored actors or technically savvy hackers).


Proofpoint researchers emphasize: “It is important to note that FIDO-based passkeys remain a highly recommended authentication method to protect against prevalent credential phishing and account takeover (ATO) threats.”


Looking ahead, as awareness of the risks posed by AiTM phishing grows and more organizations adopt “phishing-resistant” authentication methods like FIDO, attackers may seek to evolve existing tactics, techniques, and procedures (TTPs) by incorporating FIDO authentication downgrades into their kill chains.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
