Vulnerability in Office 365 Allows Hackers to Steal Credentials

Ooopsy! Another Microsft security blunder!

Office 365 bug allows hackers to steal credentials

ZDNet – “Anyone hosting a Word document on their webserver can steal Microsoft Office 365 credentials due to a bug in how the cloud service attempts to authenticate users.

Adallom chief software architect Noam Liran discovered the bug, outlining how it works on his blog.

Office 365 requires users to log in to their account, and, when downloading a document from a SharePoint server, it verifies the credentials of the currently logged-in user by sending an authentication token.

The token should only be sent when the server is on the sharepoint.com domain. However, Liran found that by running his own server and sending back responses that would be expected of a legitimate SharePoint server, the user’s computer would send the authentication token anyway.

‘Now, my malicious web server, in possession of your private Office 365 authentication token, can simply go to your organisation’s SharePoint Online site, download all of it, modify it, or do whatever it wants, and you will never know about it. In fact, you won’t even know you got hit! It’s the perfect crime,’ he wrote.

Adallom has created a proof of concept video demonstrating how authentication tokens can be stolen.”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.