Mitigating against the Modlishka 2FA-busting automated attack tool

Researcher makes automated tool for cracking 2FA available for public download, but is this actually good news for the enterprise?

Automation is at the heart of Modlishka, and it is this, along with the man-in-the-middle nature of the proxy, which enables the real-time collection of 2FA tokens, that makes Modlishka such a powerful hacking tool. The author of Modlishka does issue a disclaimer on GitHub: “This tool is made only for educational purposes and can be only used in legitimate penetration tests. Author does not take any responsibility for any actions taken by its users.” SC Media UK has been asking the broader security industry for its opinion.

