Bug bounty hunter Sahad Nk recently uncovered a series of vulnerabilities that left Microsoft users’ accounts — from your Office documents to your Outlook emails — susceptible to hacking.
While working as a security researcher with cybersecurity site SafetyDetective, Nk discovered that he was able to take over the Microsoft subdomain, http://success.office.com, because it wasn’t properly configured. This allowed the bug hunter to set up an Azure web app that pointed to the domain’s CNAME record, which maps domain aliases and subdomains to the main domain. By doing this, Nk not only took control of the subdomain, but also received any and all data sent to it.
This is where the second major vulnerability comes into play.
Microsoft Office, Outlook, Store, and Sway apps send authenticated login tokens to the http://success.office.com subdomain. When a user logs in to Microsoft Live, login.live.com, the login token would leak over to the server controlled by Nk. He would then just have to send over an email to the user asking them to click a link, which would provide Nk with a valid session token — a way to log in to the user’s account without even needing their username or password. And, because Nk has access on Microsoft’s side, that link would come in the form of a login.live.com URL, bypassing phishing detection and even the savviest of internet users.
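The takeover described above depends on a subdomain whose CNAME points at a cloud hostname nobody controls anymore, so the defensive check is an audit of your own zone for such dangling aliases. The script below is an added example, not code from SafetyDetective, Nk or Microsoft; the zone records, the resolver answers and the `success.example.com` name are constructed, and the list of takeover-prone suffixes is an assumption to tune to the providers your organisation actually uses.

```python
"""Audit CNAME records for dangling targets of the kind that enabled the
success.office.com takeover. Added example with constructed data; it is not
the researcher's, the site's or Microsoft's code."""

from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumption: DNS suffixes of services where an unclaimed hostname can be
# registered by any customer. Extend or trim to match the providers you use.
TAKEOVER_PRONE_SUFFIXES = (
    ".azurewebsites.net",
    ".cloudapp.net",
    ".trafficmanager.net",
    ".github.io",
)


@dataclass
class Finding:
    subdomain: str
    target: str
    reason: str


def find_dangling_cnames(
    cname_records: Dict[str, str],
    resolve_a: Callable[[str], Optional[List[str]]],
) -> List[Finding]:
    """Return one Finding per CNAME whose target no longer resolves.

    cname_records: subdomain -> CNAME target, as exported from your zone.
    resolve_a: returns the A records for a hostname, or None on NXDOMAIN.
    A CNAME to a cloud hostname that returns NXDOMAIN is the precondition for a
    takeover: whoever registers that hostname next receives the subdomain's
    traffic, including any tokens applications send to it.
    """
    findings: List[Finding] = []
    for sub, target in cname_records.items():
        target = target.rstrip(".").lower()
        if resolve_a(target) is not None:
            continue  # target still answers; nothing dangling
        if target.endswith(TAKEOVER_PRONE_SUFFIXES):
            reason = "NXDOMAIN on claimable cloud hostname"
        else:
            reason = "NXDOMAIN (stale alias)"
        findings.append(Finding(sub, target, reason))
    return findings


# Constructed sample zone export; these are NOT Microsoft's real records.
SAMPLE_CNAMES = {
    "success.example.com": "retired-campaign.azurewebsites.net.",
    "www.example.com": "web-prod.example.net.",
    "docs.example.com": "old-docs.example.net.",
}

# Constructed resolver table: names missing from it behave as NXDOMAIN.
SAMPLE_ANSWERS = {
    "web-prod.example.net": ["203.0.113.10"],
}


def sample_resolver(name: str) -> Optional[List[str]]:
    """Stand-in for a real DNS lookup, answering only from the table above."""
    return SAMPLE_ANSWERS.get(name)


def audit_sample() -> List[Finding]:
    """Run the audit over the constructed zone; used by the demo and the test."""
    return find_dangling_cnames(SAMPLE_CNAMES, sample_resolver)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f.subdomain} -> {f.target}: {f.reason}")
```

Against the constructed zone the audit flags `success.example.com` (its target is an unclaimed Azure hostname, the high-risk case) and `docs.example.com` (a stale alias), and leaves `www.example.com` alone. For a live zone, replace `sample_resolver` with a function that performs an A lookup and returns `None` on NXDOMAIN (with dnspython, catch `dns.resolver.NXDOMAIN` around `dns.resolver.resolve`), and run it from a scheduled job so a decommissioned app is caught before anyone else registers its hostname.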
According to SafetyDetective, the issues were reported to Microsoft in June. They were fixed just last month, in November.