Autodiscover email bug leaked Windows passwords: Danger! Thousands of Windows passwords leaked by Autodiscover email bug

New Delhi
Cybersecurity researchers have discovered an Autodiscover email bug in Microsoft Exchange software, which is used by many companies. The bug involves a feature called Autodiscover, which is part of the email service. It has leaked thousands of employees' Windows passwords, which hackers can collect. According to the new report, the email bug has also affected food companies, real estate firms and other companies in China.

The Autodiscover system is part of Microsoft Exchange. It can quickly configure email on users' computers, laptops or smartphones using just the employee's credentials. This reduces the hassle faced by the computer administrator, and it provides auto-configuration help to the client using the employee's username and password. Requests of this type are sometimes made to other domains, such as autodiscover.com, which provide the required configuration details.

According to a researcher from Guardicore Labs, the Autodiscover feature can be used to store and leak passwords. In April, domains such as autodiscover.uk and autodiscover.fr were purchased and configured to receive these usernames and passwords. According to a TechCrunch report, over 340,000 Exchange account credentials were viewed. According to the researcher, these credentials were sent in plain text due to the email bug, and this is how they were collected.

Researchers found that 96,000 credentials for Exchange emails were encrypted, but if they bounced because of a weak security request, the credentials would be sent again in plain text. This means that other credentials sent with low security, such as unencrypted methods, are easily read and not protected by any encryption.
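
A detection check for the behaviour described above, added here as an example and not taken from the researchers' or Microsoft's material: it scans proxy log lines for Autodiscover requests sent to a host outside the organisation's own domains and records whether the request went over unencrypted HTTP. The log format, the `OWN_DOMAINS` value, the function names and the `.test` hostnames are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the domains the organisation actually owns.
OWN_DOMAINS = {"example-corp.test"}

# Constructed sample proxy log, one request per line: "<client> <method> <url>"
SAMPLE_LOG = """\
10.0.0.5 POST https://autodiscover.example-corp.test/autodiscover/autodiscover.xml
10.0.0.7 POST https://autodiscover.test/autodiscover/autodiscover.xml
10.0.0.7 POST http://autodiscover.test/autodiscover/autodiscover.xml
10.0.0.9 GET https://www.example-corp.test/index.html
10.0.0.8 POST https://AUTODISCOVER.example-corp.test./Autodiscover/Autodiscover.xml
malformed line
"""


def is_own_host(host):
    """True when host is one of our domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OWN_DOMAINS)


def find_external_autodiscover(log_text):
    """Return one finding per request sent to an autodiscover.* host we do not own."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        client, _method, url = parts
        parsed = urlsplit(url)
        # hostname is lower-cased by urlsplit; drop a trailing root dot
        host = (parsed.hostname or "").rstrip(".")
        if not host.startswith("autodiscover.") or is_own_host(host):
            continue
        findings.append({
            "client": client,
            "host": host,
            # http:// means the request, and anything in it, crossed the wire unencrypted
            "plaintext": parsed.scheme == "http",
        })
    return findings


if __name__ == "__main__":
    for f in find_external_autodiscover(SAMPLE_LOG):
        print(f)
```

Any finding identifies a client whose mail application should be checked, and entries with `plaintext` set deserve priority because the request was not encrypted in transit.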

According to the researcher, companies have to enable their Autodiscover domain at the top, because users cannot see the leak. But app developers are working to fix it, which is why the full list of apps has not been revealed. After solving the problems, they are also planning to take control of the listed domain names, so that criminals cannot misuse them.
