Vulnerability In Microsoft Login System Could Allow Account Hijacking

A serious security vulnerability existed in the Microsoft login system. The researchers who found the flaw suspected that exploiting it could lead to account hijacking.

Microsoft Login System Vulnerability

Researchers from Israeli security firm CyberArk have reportedly discovered a serious vulnerability in the Microsoft login system. Exploiting the vulnerability could allow attackers to take over accounts. Detailing the discovery, TechCrunch reported that the bug affected apps integrated with Microsoft accounts.

The bug allowed attackers to quietly steal account tokens, which websites and apps use to grant users access to their accounts without them having to constantly re-enter their passwords.

A potential attacker could exploit the unregistered subdomains of these apps to create access tokens without users’ consent.

With the subdomains in hand, all an attacker would need is to trick an unsuspecting victim into clicking on a specially crafted link in an email or on a website, and the token can be stolen.

However, in some cases, the attacker would require no user interaction at all, as a website with a malicious image could serve the purpose.
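A defender-side audit for the condition described above, added here as an example and not taken from CyberArk, Microsoft or the original article: it checks whether every host an application trusts to receive tokens still exists in DNS. It assumes the trusted hosts are available as a list of URLs; `TRUSTED_URLS`, `audit_trusted_hosts` and `fake_resolver` are hypothetical names, and the hostnames and DNS answers are constructed.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample: URLs an application is configured to trust for token delivery.
# All hostnames are placeholders under reserved example domains.
TRUSTED_URLS = [
    "https://login.app.example.com/callback",
    "https://legacy-portal.app.example.net/auth",
    "https://LEGACY-portal.app.example.net/other",
    "https://flaky.app.example.org/cb",
    "not a url",
]

def system_resolver(host):
    """Default resolver: raises socket.gaierror when the lookup fails."""
    socket.getaddrinfo(host, 443)

def audit_trusted_hosts(urls, resolve=system_resolver):
    """Map each trusted host to 'resolves', 'unregistered', 'lookup-error' or 'invalid'."""
    report = {}
    for url in urls:
        host = urlsplit(url).hostname  # already lower-cased by urlsplit
        if not host:
            report[url] = "invalid"
            continue
        host = host.rstrip(".")
        if host in report:  # same host listed twice: check it once
            continue
        try:
            resolve(host)
            report[host] = "resolves"
        except socket.gaierror as exc:
            # EAI_NONAME: the name does not exist, so whoever registers it gets the tokens
            if exc.errno == socket.EAI_NONAME:
                report[host] = "unregistered"
            else:
                report[host] = "lookup-error"  # transient failure: retry, do not assume safe
    return report

def fake_resolver(host):
    """Offline stand-in for DNS (constructed answers) so the example runs without network."""
    if host == "legacy-portal.app.example.net":
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    if host == "flaky.app.example.org":
        raise socket.gaierror(socket.EAI_AGAIN, "Temporary failure in name resolution")

if __name__ == "__main__":
    for item, status in audit_trusted_hosts(TRUSTED_URLS, fake_resolver).items():
        print(f"{status:13} {item}")
```

A host that resolves can still be unclaimed on a shared hosting platform, so treat "resolves" as a prompt to confirm ownership rather than as proof of it.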

Fix Already Deployed

After finding the vulnerability, the researchers worked to register many of the subdomains associated with vulnerable Microsoft applications. Nonetheless, they feared that there could be more such subdomains.

They informed Microsoft of the flaw in October 2019. The tech giant has since confirmed that it deployed a patch for it with the November updates.

According to a Microsoft spokesperson’s statement to TechCrunch,

We resolved the issue with the applications mentioned in this report in November and customers remain protected.

4 thoughts on “Vulnerability In Microsoft Login System Could Allow Account Hijacking”

  1. I’m impressed, I must say. Rarely do I encounter a blog that’s both equally educative and engaging, and let me tell you, you’ve hit the nail
    on the head. The issue is an issue that too few men and women are speaking intelligently about.

    I’m very happy that I stumbled across this in my search for something regarding this.

  2. I’m not sure where you are getting your info, but good topic.
    I need to spend some time learning more or understanding more.
    Thanks for magnificent info I was looking for this information for my mission.

  3. My spouse and I stumbled over here coming from a different page
    and thought I may as well check things out. I like
    what I see so now I am following you. Look forward to finding out about your web page yet again.
