{"id":3236,"date":"2021-09-23T17:55:19","date_gmt":"2021-09-23T12:25:19","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3236"},"modified":"2021-09-23T17:55:21","modified_gmt":"2021-09-23T12:25:21","slug":"100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/","title":{"rendered":"100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">Flaws in the employment of Microsoft Exchange\u2019s Autodiscover feature have leaked around 100,000 login details for Windows domains across the world. A recent report by a security analyst indicates how the false implementation of the Autodiscover protocol, rather than a flaw in Microsoft Exchange, is causing Windows passwords to be forwarded to third-party unauthenticated websites.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Before discussing the issue, it is very essential to take a quick look at Microsoft Exchange\u2019s Autodiscover protocol and how it is implemented.<\/p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>What is Microsoft Exchange Autodiscover?<\/strong><\/h4>\n\n\n\n<p><p style=\"text-align: justify;\">Microsoft Exchange utilizes an Autodiscover feature to automatically configure a user\u2019s mail client, including Microsoft Outlook, with their organization\u2019s predefined mail settings. When an Exchange user enters their email credentials into their email client, like Microsoft Outlook, the mail client then tries to authenticate to different Exchange Autodicover URLs.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">While this authentication process, the credentials are transmitted automatically to the Autodiscover URL.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image1-1024x753.jpg\" alt=\"100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image1\" class=\"wp-image-3238\" width=\"718\" height=\"527\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image1-1024x753.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image1-300x221.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image1-768x565.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image1.jpg 1337w\" sizes=\"(max-width: 718px) 100vw, 718px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">The Autodiscover URLs that will be connected have arrived from the email address configured in the client.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Such as, when our security researcher tested the Autodiscover feature using the email \u2018researcher@check.com,\u2019 he found that the mail client tried to authenticate to the following Autodiscover URLs:<\/p><\/p>\n\n\n\n<ul><li>https:\/\/Autodiscover.example.com\/Autodiscover\/Autodiscover.xml<\/li><li>http:\/\/Autodiscover.example.com\/Autodiscover\/Autodiscover.xml<\/li><li>https:\/\/example.com\/Autodiscover\/Autodiscover.xml<\/li><li>http:\/\/example.com\/Autodiscover\/Autodiscover.xml&nbsp;<\/li><\/ul>\n\n\n\n<p><p style=\"text-align: justify;\">The mail client would try to each URL until it was successfully authenticated to the Microsoft Exchange server and configuration information was sent back to the client.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Hijacking Credentials to External Domains<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">If the client could not authenticate to the above URLs, security researchers found that some of the mail clients, including Microsoft Outlook, would perform a \u201cback-off\u201d procedure. This procedure tries to generate additional URLs to authenticate to, like the autodiscover .tld domain, where the TLD is derived from the user\u2019s email address. In this case, the URL generated is&nbsp;<a href=\"http:\/\/Autodiscover.com\/Autodiscover\/Autodiscover.xml\" target=\"_blank\" rel=\"noreferrer noopener\">http:\/\/Autodiscover.com\/Autodiscover\/Autodiscover.xml<\/a>.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">This incorrect implementation of the Autodiscover protocol is causing mail clients to authenticate to untrusted domains, such as autodiscover.com, which is where the trouble begins. As the email user&#8217;s organization does not own this domain, and credentials are automatically sent to the URL, it would allow the domain owner to collect any credentials sent to them.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">To test this, Guardicore registered the following domains and set up web servers on each to see how many credentials would be leaked by the Microsoft Exchange Autodiscover feature.<\/p><\/p>\n\n\n\n<ul><li>Autodiscover.com.br &#8211; Brazil<\/li><li>Autodiscover.com.cn &#8211; China<\/li><li>Autodiscover.com.co &#8211; Columbia<\/li><li>Autodiscover.es &#8211; Spain<\/li><li>Autodiscover.fr &#8211; France<\/li><li>Autodiscover.in &#8211; India<\/li><li>Autodiscover.it &#8211; Italy<\/li><li>Autodiscover.sg &#8211; Singapore<\/li><li>Autodiscover.uk &#8211; United Kingdom<\/li><li>Autodiscover.xyz<\/li><li>Autodiscover.online<\/li><\/ul>\n\n\n\n<p><p style=\"text-align: justify;\">After these domains were registered and used, Serper found that email clients, including Microsoft Outlook, sent many account credentials using Basic authentications, making them easily viewable.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image2-1024x515.jpg\" alt=\"100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image2\" class=\"wp-image-3239\" width=\"643\" height=\"323\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image2-1024x515.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image2-300x151.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image2-768x386.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image2.jpg 1337w\" sizes=\"(max-width: 643px) 100vw, 643px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">For Microsoft Outlook clients that transmit credentials using NTML and Oauth, the researcher created an attack known as \u201cThe ol\u201d switcheroo\u201d that would force to downgrade the request to a Basic authentication request.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">This would again permit the investigator to access the cleartext credentials for the users.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image33-1024x428.jpg\" alt=\"100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image3\" class=\"wp-image-3240\" width=\"615\" height=\"257\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image33-1024x428.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image33-300x125.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image33-768x321.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-image33.jpg 1075w\" sizes=\"(max-width: 615px) 100vw, 615px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">While conducting these tests between 20th April and 25th August 2021, Guardicore servers received a:<\/p><\/p>\n\n\n\n<ul><li>648,976 HTTP requests targeting their Autodiscover domains.<\/li><li>372,072 Basic authentication requests.<\/li><li>96,671 unique pre-authenticated requests.<\/li><\/ul>\n\n\n\n<p><p style=\"text-align: justify;\">Guardicore states the domains that transmitted their credentials include:<\/p><\/p>\n\n\n\n<ul><li>Publicly traded companies in the Chinese market<\/li><li>Food manufacturers<\/li><li>Investment banks<\/li><li>Power plants<\/li><li>Power delivery<\/li><li>Real estate<\/li><li>Shipping and logistics<\/li><li>Fashion and Jewelry<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Alleviating the Microsoft Exchange Autodiscover Leaks<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">The researcher has provided a few recommendations that a company and developer can use to alleviate these Microsoft Exchange Autodiscover leaks.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">For companies using Microsoft Exchange, one should block all Autodiscover.tld domains at your firewall or DNS server so that the devices cannot connect to them. Guardicore has generated a text file including all Autodiscover domains that can be utilized to generate access rules.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Companies are also suggested to disable Basic authentication, as it importantly transmits credentials in cleartext. For software developers, the researcher recommends users prevent their mail clients from failing upwards when constructing Autodiscover URLs so that they never connect to Autodiscover.tld domains.&nbsp; &nbsp; &nbsp;&nbsp;<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Why developers, including Microsoft, are falling behind to unauthenticated autodiscover.tld domains remain a secret, as Microsoft&#8217;s documentation on the Autodiscover protocol makes no mention of these domains. &#8220;Many developers are just using third party libraries that all have the same problem. I&#8217;m willing to bet that the vast majority of developers aren&#8217;t even aware of it,&#8221; the researcher told our experts.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Flaws in the employment of Microsoft Exchange\u2019s Autodiscover feature have leaked around 100,000 login details for Windows domains across the world. A recent report by a security analyst indicates how the false implementation of the Autodiscover protocol, rather than a flaw in Microsoft Exchange, is causing Windows passwords to be forwarded to third-party unauthenticated websites. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3241,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Flaws in the employment of Microsoft Exchange\u2019s Autodiscover feature have leaked around 100,000 login details for Windows domains across the world. A recent report by a security analyst indicates how the false implementation of the Autodiscover protocol, rather than a flaw in Microsoft Exchange, is causing Windows passwords to be forwarded to third-party unauthenticated websites. [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-23T12:25:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-23T12:25:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws\",\"datePublished\":\"2021-09-23T12:25:19+00:00\",\"dateModified\":\"2021-09-23T12:25:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/\"},\"wordCount\":771,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Breaches\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/\",\"url\":\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/\",\"name\":\"100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-09-23T12:25:19+00:00\",\"dateModified\":\"2021-09-23T12:25:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/","og_locale":"en_US","og_type":"article","og_title":"100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws - Xiarch Solutions Private Limited","og_description":"Flaws in the employment of Microsoft Exchange\u2019s Autodiscover feature have leaked around 100,000 login details for Windows domains across the world. A recent report by a security analyst indicates how the false implementation of the Autodiscover protocol, rather than a flaw in Microsoft Exchange, is causing Windows passwords to be forwarded to third-party unauthenticated websites. [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-09-23T12:25:19+00:00","article_modified_time":"2021-09-23T12:25:21+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/100K-Windows-Credentials-Leak-due-to-Microsoft-Exchange-Autodiscover-Flaws-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws","datePublished":"2021-09-23T12:25:19+00:00","dateModified":"2021-09-23T12:25:21+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/"},"wordCount":771,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Breaches"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/","url":"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/","name":"100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-09-23T12:25:19+00:00","dateModified":"2021-09-23T12:25:21+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/100k-windows-credentials-leak-due-to-microsoft-exchange-autodiscover-flaws\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"100K Windows Credentials Leak due to Microsoft Exchange Autodiscover Flaws"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3236"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3236"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3236\/revisions"}],"predecessor-version":[{"id":3242,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3236\/revisions\/3242"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3241"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}