
Hundreds of Thousands of Windows Credentials Exposed by Microsoft Exchange Autodiscover Bug

It appears that Microsoft users are still encountering challenges with email-related concerns. A problem that has infiltrated Outlook was recently reported.

https://www.infosectrain.com/courses/cissp-certification-training/


Presentation Transcript


  1. Hundreds of Thousands of Windows Credentials Exposed by Microsoft Exchange Autodiscover Bug www.infosectrain.com | sales@infosectrain.com

  2. It appears that Microsoft users are still encountering challenges with email-related concerns. A problem that has infiltrated Outlook was recently reported, and now there is the latest one: a design flaw in a feature of the Microsoft Exchange email server has been identified that can be used to capture Windows domain and application credentials from users all over the world.

  3. Amit Serper, AVP of Security Research at security firm Guardicore Labs, said he found credentials for companies from several industries while looking through the URLs that hit their honeypots:
  • Food manufacturers
  • Investment banks
  • Power plants
  • Power delivery
  • Real estate
  • Shipping and logistics
  • Fashion and jewelry
  • Publicly traded companies in the Chinese market

  Serper published the findings of an investigation into Autodiscover, a protocol used to authenticate to Microsoft Exchange servers and configure client access, on Wednesday. There are several versions of the protocol. Guardicore investigated a POX XML-based Autodiscover implementation and discovered a "design fault" that could be used to "leak" web requests to Autodiscover domains outside of a user's domain, as long as they were in the same top-level domain (TLD).

  To test the protocol, the team first registered and acquired a variety of TLD-based domains, such as Autodiscover.com.br, Autodiscover.com.cn, Autodiscover.com.fr, and Autodiscover.com.uk.

  4. The researchers say they "were just waiting for HTTP requests for different Autodiscover endpoints to come" after pointing these domains at a Guardicore web server. "The intriguing issue with a big portion of the requests we received was that there was no attempt on the client's side to check if the resource is available or even exists on the server before submitting an authenticated request," Serper said in a report released today. He also says the back-off mechanism is the source of the leak: the client keeps trying to resolve the Autodiscover part of the domain, and the automatically built Autodiscover URL ends up at a host the domain owner does not control. All of the captured credentials were sent over HTTP with no encryption at all. Serper recommends that customers use more secure authentication methods such as NTLM and OAuth.

  Security Training with InfosecTrain
  InfosecTrain is a worldwide leader in IT security training and consultancy. Enroll in one of our security training courses to learn how to maintain a healthy security posture and avoid security breaches. Our highly skilled instructors will give you the knowledge and skills you need to ensure preparedness and find ways to strengthen your response when unattended bugs and security attacks hit your and your company's IT systems.

  5. About InfosecTrain
  • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
  • Wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain
  • High-quality technical services, certifications and customized training programs curated with professionals of over 15 years of combined experience in the domain

  6. Our Endorsements

  7. Why InfosecTrain
  • Global Learning Partners
  • Access to the recorded sessions
  • Certified and Experienced Instructors
  • Flexible modes of Training
  • Post training completion
  • Tailor Made Training

  8. Our Trusted Clients

  9. Contact us
  Get your workforce reskilled by our certified and experienced instructors!
  IND: 1800-843-7890 (Toll Free) / US: +1 657-722-11127 / UK: +44 7451 208413
  sales@infosectrain.com
  www.infosectrain.com
