Multi-factor Authentication (MFA) is a great way to increase security on web applications, remote desktop sessions, VPN, and virtually anywhere a user can log into. While MFA is great, it is not a security panacea and it should be looked at as one part of a total security strategy. Recently Ive been spending more time hands-on with MFA technology and wanted to test out ways that MFA could be bypassed by an attacker. One interesting technique I found was using browser cookies to get around MFA with a pass-the-cookie attack.”]
Source: https://stealthbits.com/blog/bypassing-mfa-with-pass-the-cookie/