Cybersecurity researchers have discovered an Autodiscover email bug in Microsoft Exchange software, which is used by many companies. The email bug involves a feature called Autodiscover which is part of the email service. It has leaked thousands of employees’ window passwords, which hackers can collect. According to the new report, the email bug has also affected food companies, real estate firms and other companies in China.
Big blow to Vivo! Vivo X70 Pro and Vivo X70 Pro+ price leaked before launch in India, know price and all specifications
Now the water will come! MarQ M3 Smart smartphone of Flipkart brand has arrived, the price is less than 7 thousand rupees
According to a researcher from Guardicore Labs, the Autodiscover feature can be used to store and leak passwords. In April domains such as autodiscover.uk and autodiscover.fr were purchased and configured to have these usernames and passwords. According to a TechCrunch report, over 340,000 exchange account credentials were viewed. According to the researcher, these credentials were sent in plain text due to an email bug and this is how they were collected.
Researchers found that 96,000 credentials for Exchange emails were encrypted, but if they bounced because of a weak security request, the credentials would be sent again via plain text. This means that other credentials sent with low security such as un-encrypted methods are easily read and not protected by any encryption.
According to the researcher, companies have to enable their Autodiscover domain at the top, because according to the researcher users cannot see the leak. But app developers are working to fix it, due to which the full list of apps has not been revealed. After solving the problems, they are also planning to take control of the listed domain names, so that it is clear that criminals cannot misuse them.