Cybersecurity researchers have been able to collect thousands of Windows domain and application credentials because of design and implementation of the Autodiscover protocol of Microsoft Exchange.
The Exchange Autodiscover service, according to Microsoft, “provides an easy way for your client application to configure itself with minimal user input.” Researchers reported in 2017 that implementation difficulties with Autodiscover on mobile email clients could lead to data leaking, and the vulnerabilities were addressed at the time.
However, an examination conducted earlier this year by cloud and data center security firm Guardicore’s revealed that Autodiscover’s design and implementation still have several severe flaws.
To Read More: Securityweek
For more such updates follow us on Google News ITsecuritywire News