What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

News Exchange/Outlook Autodiscover Bug Spills Emails/Passwords in plain text

Wallace_n_Gromit

Wallace_n_Gromit

Senior Member
Autodiscover was first introduced in Exchange 2007.

threatpost.com

Exchange/Outlook Autodiscover Bug Spills 100K+ Email Passwords

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
threatpost.com threatpost.com

www.bleepingcomputer.com

Microsoft Exchange Autodiscover bugs leak 100K Windows credentials

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide.
www.bleepingcomputer.com www.bleepingcomputer.com

As a kludge, Microsoft has begun registering autodiscover.* TLD's around the world since mid-September (BEFORE THE BAD GUYS DO) such as:

autodiscover.af autodiscover.tl autodiscover.pn autodiscover.ax autodiscover.gf autodiscover.pr autodiscover.as autodiscover.tf autodiscover.re autodiscover.ag autodiscover.gl autodiscover.rw autodiscover.am autodiscover.gp autodiscover.lc autodiscover.ac autodiscover.gt autodiscover.pm autodiscover.by autodiscover.gy autodiscover.st autodiscover.bj autodiscover.ht autodiscover.sn autodiscover.bi autodiscover.hn autodiscover.sc autodiscover.cm autodiscover.hk autodiscover.sl autodiscover.cl autodiscover.je autodiscover.sx autodiscover.do autodiscover.ke autodiscover.sk Security Now! #838 12 autodiscover.tl autodiscover.ly autodiscover.sb autodiscover.gf autodiscover.li autodiscover.so autodiscover.tf autodiscover.mg autodiscover.so autodiscover.gl autodiscover.mw autodiscover.gs autodiscover.af autodiscover.mq autodiscover.com.es autodiscover.ax autodiscover.yt autodiscover.org.es autodiscover.as autodiscover.mn autodiscover.ch autodiscover.ag autodiscover.ms autodiscover.tj autodiscover.am autodiscover.ma autodiscover.tg autodiscover.ac autodiscover.na autodiscover.tt autodiscover.by autodiscover.nz autodiscover.ug autodiscover.bj autodiscover.ni autodiscover.vi autodiscover.bi autodiscover.ng autodiscover.uz autodiscover.cm autodiscover.nf autodiscover.vu autodiscover.cl autodiscover.pa autodiscover.vn autodiscover.do autodiscover.pe autodiscover.wf
Click to expand...

www.thesecmaster.com

How To Fix The Microsoft Exchange Autodiscover Flaw?

The flaw can cause massive damage to the business. It is highly important to address this issue. Let's see how to fix the Microsoft Exchange Autodiscover flaw.
www.thesecmaster.com www.thesecmaster.com

discussion of the Autodiscover bug begins 1:16:48 into Security Now show
 
Last edited:
You must log in or register to reply here.

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,089 (members: 13, guests: 1,076)
Back
Top