to risk! Thousands of Windows Passwords Leaked Due to Autodiscover Email Bug, Know Full Details


New Delhi
Cybersecurity researchers have discovered an email bug in Microsoft Exchange software, which is used by many companies. The software includes a feature called Autodiscover, which is part of the email service. It has leaked thousands of employees' Windows passwords, which hackers can collect. According to the new report, the email bug has also affected food companies, real estate firms and other companies in China.

The Autodiscover system is part of Microsoft Exchange. It can quickly configure email on users' computers, laptops or smartphones using just the employee's credentials, which reduces the hassle faced by the computer administrator. In addition, it can provide technical support to the client through auto-configuration, using the employee's username and password. Requests for this type of work are sometimes made to other domains such as autodiscover.com, which provide the required configuration details.

According to a researcher from Guardicore Labs, the Autodiscover feature can be used to store and leak passwords. In April, domains such as .uk and autodiscover.fr were purchased and configured to receive these usernames and passwords. According to a TechCrunch report, over 340,000 Exchange account credentials were viewed. According to the researcher, these credentials were sent in plain text due to the email bug, and this is how they were collected.

Researchers found that 96,000 credentials for Exchange emails were encrypted, but if they bounced because of a weak security request, the credentials would be sent again in plain text. This means that credentials sent with low security, such as unencrypted methods, are easily read and not protected by any encryption.

According to the researcher, companies have to enable their Autodiscover domain at the top, because users cannot see the leak. App developers are working to fix it, which is why the full list of apps has not been revealed.
After solving the problems, they also plan to take control of the listed domain names, so that criminals cannot misuse them.
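Because users cannot see the leak, a defender can look in DNS or proxy logs for lookups of names such as autodiscover.com or autodiscover.fr. The Python below is an added example, not code from the report or from Microsoft; the suffix set, the organisation's domain and the log format are assumptions, and the log lines are constructed.

```python
# Added example: find log entries whose hostname is "autodiscover." followed
# directly by a public suffix (autodiscover.com, autodiscover.fr, ...).

# Assumption: this short set stands in for the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "fr", "uk", "co.uk", "cn", "com.cn", "in", "co.in"}
# Assumption: domains the organisation itself controls (constructed value).
OWN_DOMAINS = {"example-corp.com"}


def is_external_autodiscover(host, own=OWN_DOMAINS, suffixes=PUBLIC_SUFFIXES):
    """True when host is autodiscover.<public suffix> and not one of ours."""
    host = host.strip().rstrip(".").lower()
    first, _, rest = host.partition(".")
    if first != "autodiscover" or not rest:
        return False
    # autodiscover.<own domain> is the company's legitimate endpoint.
    if any(rest == d or rest.endswith("." + d) for d in own):
        return False
    # Nothing but a public suffix is left: anyone can register this name.
    return rest in suffixes


def scan(lines):
    """Parse 'timestamp client hostname' lines; return the flagged entries."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, host = parts
        if is_external_autodiscover(host):
            hits.append((ts, client, host.rstrip(".").lower()))
    return hits


# Constructed sample DNS log lines, not taken from the report.
SAMPLE_LOG = [
    "2021-09-22T08:01:10Z 10.0.4.17 autodiscover.example-corp.com",
    "2021-09-22T08:01:12Z 10.0.4.17 autodiscover.com",
    "2021-09-22T08:03:40Z 10.0.7.2 AUTODISCOVER.FR.",
    "2021-09-22T08:04:02Z 10.0.7.9 autodiscover.partner-firm.com",
    "2021-09-22T08:05:55Z 10.0.9.31 autodiscover.co.uk",
    "garbage line",
]

if __name__ == "__main__":
    for ts, client, host in scan(SAMPLE_LOG):
        print(f"{ts} {client} queried {host}: check for leaked credentials")
```

A client that appears in the output has contacted an Autodiscover name outside the organisation, so the account used on that device is a candidate for a password reset.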

[Attribution to NBT]
