If they enter an email address, the protocol assumes that the domain it contains is also the organization’s Windows domain. Therefore they use Autodiscover to search for a configuration URL of an Exchange server in the Windows domain of the logon. The Microsoft mail programs try to make it as easy as possible for the user to set up his e-mail account. Guardicore was able to read these login data because they leaked into the public network due to an error in the design of the protocol. However, the security company does not want to identify the victims more precisely. According to Gaurdicore, the affected organizations are banks, transport companies, food manufacturers, large listed companies in the Chinese market as well as power plant and electricity network operators in several countries. The login attempts came from Outlook and mobile e-mail programs from Microsoft and other providers who tried to connect to Exchange servers of organizations after setting up a new e-mail account. This resulted in the logon data of 96,671 Windows accounts – in plain language. In total, they managed to spy on more than 372,000 login attempts for Windows domains in just under four months. They mainly focused on Windows credentials. Guardicore security researcher have now documented successful attempts to spy on such login data via Autodiscover.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |