Title: Hundreds of Thousands of Windows Credentials Exposed by Microsoft Exchange Autodiscover Bug
Hundreds of Thousands of Windows Credentials Exposed by Microsoft Exchange Autodiscover Bug
www.infosectrain.com sales_at_infosectrain.com
It appears that Microsoft users are still encountering email-related security problems. A problem affecting Outlook was reported recently, and now there is the latest one: a design vulnerability has been identified in a feature of the Microsoft Exchange email server that can be used to capture Windows domain and application credentials from users all over the world.
Amit Serper, AVP of Security Research at security firm Guardicore Labs, claimed he discovered credentials belonging to firms from several industries when looking through the URLs that reached their honeypots:
- Food manufacturers
- Investment banks
- Power plants
- Power delivery
- Real estate
- Shipping and logistics
- Fashion and jewelry
- Publicly traded companies in the Chinese market

On Wednesday, Serper revealed the findings of an investigation into Autodiscover, a protocol used to authenticate to Microsoft Exchange servers and configure client access. Several versions of the protocol exist. Guardicore investigated a POX XML-based Autodiscover implementation and discovered a "design fault" that could be used to "leak" web requests to Autodiscover domains outside the user's own domain, as long as they were in the same top-level domain (TLD).

To test the protocol, the team first registered and acquired a variety of TLD-based domains, such as Autodiscover.com.br, Autodiscover.com.cn, Autodiscover.com.fr, and Autodiscover.com.uk.
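To see which hostnames a client would end up contacting for a given mailbox domain, and which of them fall outside the organisation's control, here is an added example (not Guardicore's or InfosecTrain's code) that models the back-off these slides describe. It assumes the client strips one leading label at a time from the email domain and stops at the public suffix; the suffix table and the example domains are constructed.

```python
# Added example (not Guardicore's or InfosecTrain's code). It models the
# back-off described on these slides: the client retries autodiscover.<domain>
# with one leading label removed each time, until only the public suffix
# (e.g. com.br) is left. Hosts past the organisation's own domain are the
# ones an outbound proxy or DNS policy should refuse to send credentials to.

# Constructed lookup of suffixes under which third parties can register names;
# a production check would use the full Public Suffix List instead.
PUBLIC_SUFFIXES = {"com", "net", "org", "com.br", "com.cn", "com.fr", "com.uk"}


def remaining_domains(email_domain: str) -> list[str]:
    """Domains the back-off walks through, ending at the public suffix."""
    labels = email_domain.lower().strip(".").split(".")
    walked = []
    for i in range(len(labels)):
        domain = ".".join(labels[i:])
        walked.append(domain)
        if domain in PUBLIC_SUFFIXES:
            break  # the client stops once only the suffix remains
    return walked


def autodiscover_candidates(email_domain: str) -> list[str]:
    """Hosts a naive back-off would try, in order, for a user's email domain."""
    return ["autodiscover." + d for d in remaining_domains(email_domain)]


def leaking_candidates(email_domain: str, org_domain: str) -> list[str]:
    """Candidates whose parent domain lies outside the organisation's own
    domain: requests to them carry the user's credentials to a stranger."""
    org = org_domain.lower().strip(".")
    leaks = []
    for host in autodiscover_candidates(email_domain):
        parent = host[len("autodiscover."):]
        if parent != org and not parent.endswith("." + org):
            leaks.append(host)
    return leaks


if __name__ == "__main__":
    for email_domain, org in [("mail.example.com.br", "example.com.br"),
                              ("hr.corp.example.com", "example.com")]:
        print(email_domain, "tries", autodiscover_candidates(email_domain))
        print("  deny (outside", org + "):", leaking_candidates(email_domain, org))
```

The hosts returned by `leaking_candidates` are the ones to block or sinkhole at the egress proxy or resolver, since a client that reaches them sends the authenticated request to whoever registered that name.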
The researchers say they "were just waiting for HTTP requests for different Autodiscover endpoints to come" after assigning these domains to a Guardicore web server. "The intriguing issue with a big portion of the requests we received was that there was no attempt on the client's side to check if the resource is available or even exists on the server before submitting an authenticated request," Serper said in a study released today. He also claims that the back-off mechanism is the source of the leak: the client keeps trying to resolve the Autodiscover portion of the domain, and the automatically constructed Autodiscover URL keeps failing to reach the domain's actual owner. Because the requests arrived as plain HTTP, all of the credentials that were collected had no encryption at all. Serper recommends that customers use more secure authentication methods such as NTLM and OAuth.

Security Training with InfosecTrain

InfosecTrain is a worldwide leader in IT security training and consultancy. Enroll in one of our security training courses to learn how to maintain a healthy security posture and avoid security breaches. Our highly skilled instructors will provide you with all of the knowledge and skills you need to ensure preparedness and to strengthen your response when the worst happens to your and your company's IT systems as a result of unattended bugs and security attacks.
About InfosecTrain
- Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
- Wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain
- High-quality technical services, certifications and customized training programs curated with professionals of over 15 years of combined experience in the domain
Our Endorsements
Why InfosecTrain
- Global Learning Partners
- Access to the recorded sessions
- Certified and Experienced Instructors
- Flexible modes of Training
- Tailor Made Training
- Post training completion
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-722-11127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com