Windows Logins And Passwords Leaked Due To Bugs

Share post:

Around 100,000 login names and passwords for Windows domains have been leaked by bugs.

This was due to the incorrect implementation of Microsoft Exchange’s Autodiscover feature, which resulted in Windows credentials being sent to untrusted third-party websites.

Microsoft Exchange uses an Autodiscover feature to automatically configure a user’s email client, such as Microsoft Outlook, using the company’s predefined email settings.

The issue starts when a client cannot successfully authenticate the Autodiscover URL to Microsoft Exchange Server. Microsoft would perform a “back-off” procedure by creating additional URLs.

It is therefore this faulty implementation of the Autodiscover protocol that causes mail clients to authenticate to untrusted domains.

In investigating the problem, Guardicore’s security research AVP, Amit Serper, has identified some methods that organizations and developers could utilize to mitigate these Microsoft Exchange Autodiscover leaks.

These include blocking all Autodiscover.[tld] domains of different organizations, firewall or DNS servers, so that their devices cannot connect to them.

Businesses are also urged to disable Basic authentication as it sends credentials in cleartext.

Software developers are advised to prevent their mail clients from failing upwards when building Autodiscover URLs to ensure they never connect to Autodiscover. [tld] domains.

For more information, read the original story in BleepingComputer.


Related articles

Cyber Security Today, Week in Review for week ending Friday May 17, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, May 17th,...

Cyber Security Today, May 17, 2024 – Malware hiding in Apache Tomcat servers

Malware hiding in Apache Tomcat servers, new backdoors found, and more Welcome to Cyber Security Today. It's Friday, May...

MIT students exploit blockchain vulnerability to steal 25 million dollars

Two MIT students have been implicated in a highly sophisticated cryptocurrency heist, where they reportedly exploited a vulnerability...

Cyber Security Today, May 15, 2024 – Ebury botnet still exploits Linux servers, Microsoft, SAP and Apple issue security updates

The Ebury botnet continues to exploit Linux servers, Microsoft, SAP and Apple issue security updates, and more. Welcome to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways