Description
When NoPrompt is performing the "Web Login Check" for Linux, it always returns "Access Granted".
Based on the lines 152 and 153 the elif statement checks for two conditions:
elif "stay signed in" in source or "idsibutton9" in source:
return f"{GREEN}✅ Access Granted{RESET}"But the condition "idsbutton9" can also be found, when a face, fingerprint, pin or security key is requested:
Looking at the returned code at line 395 from the screenshot above, the string idsibutton9 can be found, resulting in a true elif statement:
<!-- [....] -->
<input type="submit" id="idsibutton9" class="win-button button_primary high-contrast-overrides button ext-button primary ext-primary" data-report-event="signin_submit" data-report-trigger="click" data-report-value="submit" data-bin="
<!-- [....] -->
How to reproduce
Tested user
- MFA required
- No Device platforms selected
- Microsoft Tenant Security activated (fallback to MS recommendation, all Device platforms should be selected by default)
Run the NoPrompt check for Linux:
$ python3 noprompt.py --useragent Linux
Description
When NoPrompt is performing the "Web Login Check" for Linux, it always returns "Access Granted".
Based on the lines 152 and 153 the
elifstatement checks for two conditions:But the condition "idsbutton9" can also be found, when a face, fingerprint, pin or security key is requested:
Looking at the returned code at line 395 from the screenshot above, the string
idsibutton9can be found, resulting in a true elif statement:How to reproduce
Tested user
Run the NoPrompt check for Linux: