Hundreds of Thousands of Windows Credentials Exposed by Microsoft Exchange Autodiscover Bug

Microsoft users are still running into email-related security problems. An issue affecting Outlook was reported recently, and now there is another: a design flaw in a feature of the Microsoft Exchange email server has been identified that can be used to capture Windows domain and application credentials from users around the world.

Slides: 11
Provided by: infosectrain
Transcript and Presenter's Notes

www.infosectrain.com | sales@infosectrain.com
  • Amit Serper, AVP of Security Research at security firm Guardicore Labs, said he found credentials belonging to companies in several industries in the requests that reached Guardicore's honeypot servers:
  • Food manufacturers
  • Investment banks
  • Power plants
  • Power delivery
  • Real estate
  • Shipping and logistics
  • Fashion and jewelry
  • Publicly traded companies in the Chinese market
  • Serper published the findings of an investigation into Autodiscover on Wednesday. Autodiscover is the protocol Outlook and other mail clients use to locate an Exchange server and fetch their configuration; the requests are authenticated with the user's credentials. Several versions of the protocol exist. Guardicore examined the POX (plain old XML) Autodiscover implementation and found a "design flaw" that can cause a client to "leak" web requests to Autodiscover domains outside the user's own domain, as long as they share the same top-level domain (TLD).
  • To test this, the team registered a number of such TLD-level domains, such as Autodiscover.com.br, Autodiscover.com.cn, Autodiscover.fr and Autodiscover.uk.
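The leak described above comes from the order in which a client tries Autodiscover endpoints. The following Python is an added example, not Guardicore's code: it models Microsoft's documented lookup order (bare domain first, then autodiscover.<domain>) together with the "fail-up" stripping Guardicore described, and flags the candidates whose host is a registrable domain that anyone could own. It simplifies: the SRV-record and HTTP-redirect steps are omitted, and SUFFIXES is a small constructed subset of the Public Suffix List rather than the real list.

```python
"""Model Outlook's Autodiscover "back-off" (fail-up) lookup order and
flag the candidate hosts an outsider could register.

Added example, not Guardicore's code. SUFFIXES is a constructed subset
of the Public Suffix List used only for this illustration; the SRV and
HTTP-redirect steps of the real algorithm are omitted.
"""
from dataclasses import dataclass

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"

# Constructed subset of the Public Suffix List (publicsuffix.org).
# "autodiscover.<suffix>" is a host that anybody can register.
SUFFIXES = {"com", "com.br", "com.cn", "co.uk", "uk", "fr", "in", "it"}


@dataclass(frozen=True)
class Candidate:
    url: str
    domain: str   # the domain this attempt was derived from
    leaks: bool   # True when `domain` is a public suffix, i.e. the host
                  # belongs to whoever registered it, not to the user's org


def is_public_suffix(domain: str) -> bool:
    return domain.lower() in SUFFIXES


def backoff_candidates(email: str) -> list[Candidate]:
    """Return the Autodiscover URLs a client tries for `email`, in the
    order the fail-up algorithm produces them. Each retry strips the
    leading label of the domain; we stop once only a public suffix is
    left, because there is nothing private left to strip."""
    domain = email.rsplit("@", 1)[1].lower()
    labels = domain.split(".")
    out: list[Candidate] = []
    # First documented attempt: the user's domain itself, no prefix.
    out.append(Candidate(f"https://{domain}{AUTODISCOVER_PATH}", domain, False))
    # Then autodiscover.<domain>, failing up one label at a time.
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        host = f"autodiscover.{parent}"
        leaks = is_public_suffix(parent)
        out.append(Candidate(f"https://{host}{AUTODISCOVER_PATH}", parent, leaks))
        if leaks:
            break  # the client has failed up as far as it can go
    return out


def leaking_hosts(email: str) -> list[str]:
    """Hosts that an unrelated party could register and that would
    therefore receive the client's authenticated request."""
    return [c.url.split("/")[2] for c in backoff_candidates(email) if c.leaks]


if __name__ == "__main__":
    for c in backoff_candidates("amit@example.com.br"):  # constructed address
        print(("LEAK  " if c.leaks else "own   ") + c.url)
```

The mitigation follows directly from the output: the hosts `leaking_hosts()` reports for your users' domains are the ones to block at the egress proxy or sinkhole in internal DNS, and the ones a defender might register pre-emptively.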


The researchers say they "were just waiting for HTTP requests for different Autodiscover endpoints to come" after pointing these domains at a Guardicore web server. "The intriguing issue with a big portion of the requests we received was that there was no attempt on the client's side to check if the resource is available or even exists on the server before submitting an authenticated request," Serper said in the research published that day.

He also attributes the leak to the protocol's "back-off" mechanism: when the Autodiscover hosts derived from the user's own email domain cannot be reached, the client keeps stripping the leading part of the domain and "fails up" to the next level, until it reaches the Autodiscover host of the bare TLD (autodiscover.com.br for a user in example.com.br), which the domain owner does not control and which anyone can register. The credentials Guardicore collected were sent with HTTP Basic authentication, which merely base64-encodes the username and password; once such a request reaches a server the attacker controls, nothing encrypts them at all. Serper recommends that customers use more secure authentication methods such as NTLM and OAuth instead of Basic authentication.

Security Training with InfosecTrain

InfosecTrain is a worldwide leader in IT security training and consultancy. Enroll in one of our security training courses to learn how to maintain a healthy security posture and avoid security breaches. Our highly skilled instructors will give you the knowledge and skills you need to ensure preparedness and to strengthen your response when the worst happens to your and your company's IT systems because of unattended bugs and security attacks.
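Returning to the honeypot observations above: a defender can look for the same traffic from the other side, in egress proxy logs. The following Python is an added example, not Guardicore's honeypot code. It flags Autodiscover requests that left the organisation's own domains, records whether they went over plain HTTP, and decodes any Basic header to show that what the honeypot received is reversible base64, not ciphertext. The log lines, the org domain list and the credentials in them are all constructed; the log format (client, method, URL, auth header value) is an assumed simplified one.

```python
"""Scan egress logs for Autodiscover requests that left the org's own
domains, and show why an HTTP Basic header offers no secrecy.

Added example, not Guardicore's honeypot code. ORG_DOMAINS, the log
format and every line in SAMPLE_LOG are constructed for this
illustration.
"""
import base64
import binascii
import re
from urllib.parse import urlsplit

# Constructed: domains this organisation controls. An Autodiscover
# request to any other host was answered by someone else's server.
ORG_DOMAINS = {"example.com.br", "corp.example.com.br"}


def _basic(user: str, password: str) -> str:
    """Build a Basic header value exactly as a client would (sample data)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


# Constructed sample log: "<client> <method> <url> auth=<header value or ->".
SAMPLE_LOG = "\n".join([
    "10.0.0.12 GET https://autodiscover.example.com.br/autodiscover/autodiscover.xml auth=-",
    "10.0.0.12 GET https://autodiscover.com.br/autodiscover/autodiscover.xml auth="
    + _basic("amit@example.com.br", "P@ssw0rd!"),
    "10.0.0.31 GET http://autodiscover.com.br/autodiscover/autodiscover.xml auth="
    + _basic("CORP\\jdoe", "hunter2"),
    "10.0.0.45 GET https://www.example.com.br/ auth=-",
    "10.0.0.12 GET https://autodiscover.com.br/autodiscover/autodiscover.xml "
    "auth=NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=",
])

LINE_RE = re.compile(r"^(?P<client>\S+) (?P<method>\S+) (?P<url>\S+) auth=(?P<auth>.*)$")


def in_org_domains(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in ORG_DOMAINS)


def decode_basic(auth: str):
    """Return (user, password) from a Basic header value, or None for any
    other scheme. base64 is an encoding anyone can reverse, which is why
    Basic credentials count as cleartext once they reach a hostile server."""
    scheme, _, blob = auth.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, _, password = raw.partition(":")
    return user, password


def scan(log: str) -> list[dict]:
    """One finding per Autodiscover request whose host is outside
    ORG_DOMAINS. Passwords are decoded to prove the point but are never
    copied into the findings."""
    findings = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line; a real scanner would count these
        parts = urlsplit(m["url"])
        host = parts.hostname or ""
        if not parts.path.lower().startswith("/autodiscover/"):
            continue
        if in_org_domains(host):
            continue
        creds = decode_basic(m["auth"])
        findings.append({
            "client": m["client"],
            "host": host,
            "plaintext_transport": parts.scheme == "http",
            "auth_scheme": None if m["auth"] == "-" else m["auth"].split(" ")[0],
            "user_exposed": creds[0] if creds else None,
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

Only the request to the org's own autodiscover host and the unrelated web request pass silently; the three requests to autodiscover.com.br are reported, and the two that carried Basic headers reveal the account names directly, which is the point Serper makes about encryption above.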

About InfosecTrain
  • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
  • Wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain
  • High-quality technical services, certifications and customized training programs curated by professionals with over 15 years of combined experience in the domain

Our Endorsements
Why InfosecTrain
  • Global Learning Partners
  • Access to the recorded sessions
  • Certified and Experienced Instructors
  • Flexible modes of Training
  • Tailor-made Training
  • Post-training completion
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US +1 657-722-11127 / UK +44 7451 208413
sales@infosectrain.com
www.infosectrain.com