Geeks for your information News Privacy & Security News v
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  31 August 21, 12:53
Quote:A serious security vulnerability in Microsoft Exchange Server that researchers have dubbed ProxyToken could allow an unauthenticated attacker to access and steal emails from a target’s mailbox.
 
Microsoft Exchange uses two websites; one, the front end, is what users connect to in order to access email. The second is a back-end site that handles the authentication function.
 
“The front-end website is mostly just a proxy to the back end. To allow access that requires forms authentication, the front end serves pages such as /owa/auth/logon.aspx,” according to a Monday posting on the bug from Trend Micro’s Zero Day Initiative. “For all post-authentication requests, the front end’s main role is to repackage the requests and proxy them to corresponding endpoints on the Exchange Back End site. It then collects the responses from the back end and forwards them to the client.”
 
The issue arises specifically in a feature called “Delegated Authentication,” where the front end passes authentication requests directly to the back end. These requests contain a SecurityToken cookie that identify them; i.e., if the front end finds a non-empty cookie named SecurityToken, it delegates authentication to the back end. However, Exchange has to be specifically configured to have the back end perform the authentication checks; in a default configuration, the module responsible for that (the “DelegatedAuthModule”) isn’t loaded.
 
“When the front end sees the SecurityToken cookie, it knows that the back end alone is responsible for authenticating this request,” according to ZDI. “Meanwhile, the back end is completely unaware that it needs to authenticate some incoming requests based upon the SecurityToken cookie, since the DelegatedAuthModule is not loaded in installations that have not been configured to use the special delegated authentication feature. The net result is that requests can sail through, without being subjected to authentication on either the front or back end.”

Read more: Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Messages In This Thread
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping - by silversurfer - 31 August 21, 12:53

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Microsoft promises faster Windows 11, f...
Windows 11 Update Br...harlan4096 — 12:07
ScreenToGif 2.43
ScreenToGif 2.43 ...harlan4096 — 07:37
Microsoft Edge 146.0.3856.72
Version 146.0.3856...harlan4096 — 07:35
Brave 1.88.134 (Chromium 146.0.7680.153)
Release v1.88.134 ...harlan4096 — 07:34
Vivaldi 7.9 Build 3970.41
Vivaldi 7.9 Build ...harlan4096 — 07:33

[-]
Birthdays
Today's Birthdays
avatar (44)battsourIonix
avatar (43)CedricSek
Upcoming Birthdays
avatar (44)gapedDow
avatar (38)snorydar
avatar (46)qaqapeti
avatar (43)artmaGoork

[-]
Online Staff
Cygi's profile Cygi

>