Jon-Michael C. Brook
Posted Sep 23, 2021 07:45:00 AM
Autodiscover, a protocol used by Microsoft Exchange for automatic configuration of clients such as Microsoft Outlook, has a design flaw that causes the protocol to "leak" web requests to Autodiscover domains outside of the user's domain but in the same TLD (i.e. Autodiscover.com).
Guardicore Labs acquired multiple Autodiscover domains with a TLD suffix and set them up to reach a web server that we control. Soon thereafter, we detected a massive leak of Windows domain credentials that reached our server.
Between April 16th, 2021 and August 25th, 2021 we have captured:
- Windows domain credentials
- credentials that leaked from various applications such as Microsoft Outlook, mobile email clients and other applications interfacing with Microsoft's Exchange server.
Cloud vulns of the past 4 weeks
- Log Analytics role privesc:
- org policies bypass:
- WorkSpaces client RCE: New Rhino Blog: CVE-2021-38112: AWS WorkSpaces Remote Code Execution
Jon-Michael C. Brook CISSP, CCSK, AWS Solutions Arch
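Added example, not part of the original post or of Guardicore's code: a small check that derives the Autodiscover hostnames a client could fall back to for a given mail domain and flags DNS queries for the ones outside domains the organisation owns. It assumes the client drops one leading label per failed attempt, and the log format, domains and addresses below are constructed for illustration.

```python
"""Flag DNS queries for Autodiscover fallback hostnames outside owned domains."""


def backoff_candidates(mail_domain):
    """Return autodiscover.<suffix> for every suffix of the mail domain.

    Assumption: one leading label is stripped per failed attempt.
    """
    labels = mail_domain.lower().strip(".").split(".")
    return ["autodiscover." + ".".join(labels[i:]) for i in range(len(labels))]


def is_owned(host, owned_domains):
    """True if host equals or is a subdomain of a domain the org controls."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in owned_domains)


def external_candidates(mail_domains, owned_domains):
    """Fallback hostnames that resolve outside the organisation's control."""
    owned = {d.lower().strip(".") for d in owned_domains}
    return {c for m in mail_domains
            for c in backoff_candidates(m) if not is_owned(c, owned)}


def flag_leaks(log_lines, mail_domains, owned_domains):
    """Return (timestamp, client, qname) for queries hitting external candidates."""
    watch = external_candidates(mail_domains, owned_domains)
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:  # skip malformed lines
            continue
        ts, client, qname = parts[0], parts[1], parts[2].lower().rstrip(".")
        if qname in watch:
            hits.append((ts, client, qname))
    return hits


# Constructed sample: "<timestamp> <client ip> <queried name>"
SAMPLE_LOG = [
    "2021-09-23T07:45:01Z 10.0.4.17 autodiscover.corp.example.com.",
    "2021-09-23T07:45:02Z 10.0.4.17 autodiscover.example.com",
    "2021-09-23T07:45:03Z 10.0.4.17 Autodiscover.com",
    "2021-09-23T07:46:10Z 10.0.9.2 autodiscover.co.uk",
    "2021-09-23T07:46:11Z 10.0.9.2 www.example.co.uk",
    "malformed",
]
MAIL_DOMAINS = ["corp.example.com", "example.co.uk"]  # constructed
OWNED = ["example.com", "example.co.uk"]              # constructed
```

The set returned by `external_candidates` can also serve as a deny list at the resolver or proxy.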