1. Hundreds of Thousands of Windows Credentials Exposed by Microsoft Exchange Autodiscover Bug
www.infosectrain.com | sales@infosectrain.com
Microsoft users are still running into e-mail security problems. Shortly after a reported Outlook issue came the latest one: a design flaw in Autodiscover, the feature Exchange clients use to locate their mailbox server and configure themselves, can be abused to capture Windows domain and application credentials from users all over the world.
Amit Serper, AVP of Security Research at security firm Guardicore Labs, reported finding credentials belonging to organisations across several industries among the requests that reached the firm's honeypot domains:
• Food manufacturers
• Investment banks
• Power plants
• Power delivery
• Real estate
• Shipping and logistics
• Fashion and jewelry
• Publicly traded companies in the Chinese market
Serper revealed the findings of an investigation into Autodiscover, the protocol Exchange clients use to find their server and configure client access (and which carries the user's authentication), on Wednesday.
There are several versions of the protocol. Guardicore examined the POX (plain old XML) Autodiscover implementation and found a "design fault" in its back-off behaviour: when the lookups inside the user's own domain fail, the client ends up sending authenticated Autodiscover requests to domains outside the user's organisation, as long as they share the same top-level domain (TLD).
To test this, the team registered a number of TLD-level Autodiscover domains, such as Autodiscover.com.br, Autodiscover.com.cn, Autodiscover.com.fr and Autodiscover.com.uk.
The researchers say they "were just waiting for HTTP requests for different Autodiscover
endpoints to come" after assigning these domains to a Guardicore web server.
“The intriguing issue with a big portion of the requests we received was that there was no
attempt on the client's side to check if the resource is available or even exists on the
server before submitting an authenticated request,” Serper said in a study released
today.
He attributes the leak to this back-off mechanism. A client that cannot reach an Autodiscover endpoint for the user's own domain (autodiscover.example.com.br, say) strips the leftmost label and tries again, building a URL such as autodiscover.com.br that the user's organisation does not own and that anyone can register. The clients sent their credentials as plain HTTP Basic authentication, which is only base64-encoded, not encrypted, so every credential that reached the honeypots could be read straight out of the request. Serper recommends that organisations stop using Basic authentication and move to stronger methods such as NTLM or OAuth.
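The following is an added example, not code from Guardicore or InfosecTrain, that models the back-off described above and shows the two checks a practitioner wants: which hosts the back-off reaches that the organisation does not control, and a detection pass over proxy logs for Autodiscover requests that leave the organisation's domain. The candidate order (autodiscover.<domain>, then <domain>, then autodiscover.<rest> with one label stripped at a time down to the TLD) is an assumption based on the article's description, not a reproduction of any specific client; the proxy log lines and the Basic header are constructed samples.

```python
from __future__ import annotations

import base64
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"

# Constructed Basic header for the credential "alice:secret" (not a real capture).
SAMPLE_AUTHORIZATION = "Basic YWxpY2U6c2VjcmV0"


def email_domain(email: str) -> str:
    """Return the lower-cased domain part of an e-mail address."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {email!r}")
    return domain.lower().strip(".")


def autodiscover_candidates(email: str) -> List[str]:
    """Candidate URLs in the order a back-off client is assumed to try them.

    Assumed order (modelled on the article, not on any one client's source):
      1. https://autodiscover.<domain>/autodiscover/autodiscover.xml
      2. https://<domain>/autodiscover/autodiscover.xml
      3. back-off: drop the leftmost label and retry as
         https://autodiscover.<rest>/... until only the TLD is left.
    Steps 1 and 2 stay inside the organisation; step 3 does not.
    """
    domain = email_domain(email)
    urls = [f"https://autodiscover.{domain}{AUTODISCOVER_PATH}",
            f"https://{domain}{AUTODISCOVER_PATH}"]
    labels = domain.split(".")
    # example.com.br -> autodiscover.com.br -> autodiscover.br
    for i in range(1, len(labels)):
        rest = ".".join(labels[i:])
        urls.append(f"https://autodiscover.{rest}{AUTODISCOVER_PATH}")
    return urls


def is_offdomain(url: str, org_domain: str) -> bool:
    """True when the URL's host is neither org_domain nor one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    org = org_domain.lower()
    return not (host == org or host.endswith("." + org))


def leaked_targets(email: str) -> List[str]:
    """Hosts the back-off reaches that the user's organisation does not control."""
    domain = email_domain(email)
    return [urlsplit(u).hostname for u in autodiscover_candidates(email)
            if is_offdomain(u, domain)]


def basic_credentials(authorization: str) -> Optional[Tuple[str, str]]:
    """Decode an HTTP Basic Authorization header value.

    Basic is base64 encoding, not encryption: whoever receives the request
    (here, the registrant of autodiscover.<tld>) reads the password as-is.
    Returns None for any other scheme or a malformed token.
    """
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


# Constructed proxy log lines (synthetic, not a capture from any real network):
# timestamp, client IP, method, URL, status. Only the third line leaves the
# organisation's domain, which is the one a detection rule should raise.
PROXY_LOG = """\
2021-09-22T10:00:01Z 10.0.0.5 GET https://autodiscover.example.com.br/autodiscover/autodiscover.xml 404
2021-09-22T10:00:02Z 10.0.0.5 GET https://example.com.br/autodiscover/autodiscover.xml 404
2021-09-22T10:00:03Z 10.0.0.5 GET https://autodiscover.com.br/autodiscover/autodiscover.xml 401
2021-09-22T10:00:04Z 10.0.0.7 GET https://www.example.com.br/ 200
"""


def offdomain_autodiscover_requests(log_text: str, org_domain: str) -> List[Tuple[str, str]]:
    """(client IP, host) pairs for Autodiscover requests that left org_domain."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        _ts, src, _method, url, _status = fields[:5]
        if AUTODISCOVER_PATH in url and is_offdomain(url, org_domain):
            hits.append((src, urlsplit(url).hostname))
    return hits


if __name__ == "__main__":
    print(leaked_targets("alice@example.com.br"))
    print(offdomain_autodiscover_requests(PROXY_LOG, "example.com.br"))
    print(basic_credentials(SAMPLE_AUTHORIZATION))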
Security Training with InfosecTrain
InfosecTrain is a worldwide leader in IT security training and consultancy. Enroll in one of our security training courses to learn how to maintain a healthy security posture and avoid security breaches. Our highly skilled instructors will give you the knowledge and skills you need to be prepared, and to strengthen your response when unattended bugs and security attacks hit your and your company's IT systems.
5. About InfosecTrain
• Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
• Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain
• High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain
7. Why InfosecTrain Global Learning Partners
• Flexible modes of Training
• Tailor Made Training
• Post training completion
• Certified and Experienced Instructors
• Access to the recorded sessions
10. Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-722-11127 / UK: +44 7451 208413
sales@infosectrain.com
www.infosectrain.com