Windows Hello vulnerability could allow threat actors to impersonate any user.
Cybersecurity experts have shared a proof-of-concept to bypass the Windows Hello biometric authentication system. Threat actors can exploit the bypass, demonstrated by identity and access management (IAM) vendor CyberArk, to access an organization’s sensitive data by impersonating a privileged account. Leaning on official figures from Microsoft that suggest that over 84% of Windows 10 users sign-in to their devices using Windows Hello, CyberArk argues that the bypass poses a grave security risk for businesses transitioning to password-less authentication.
