Microsoft Exchange Autodiscover flaw reveals users’ passwords
Malwarebytes
SEPTEMBER 23, 2021
The credentials that are being leaked are valid Windows domain credentials used to authenticate to Microsoft Exchange servers. There is also no attempt on the client’s side to check if the resource is available, or even exists on the server, before sending an authenticated request. What is Autodiscover? How can it be abused?
Let's personalize your content