A vulnerability in Microsoft s Active Directory Federation Services (ADFS) has been uncovered that would allow malicious actors to bypass multi-factor authentication (MFA) safeguards. The flaw (CVE-2018-8340), disclosed today, allows a second factor for one account to be used for all other accounts within an organization. This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. Microsoft has independently verified the issue and released a patch for the flaw.
Source: https://threatpost.com/microsoft-flaw-allows-full-multi-factor-authentication-bypass/135086/