Close Menu
    Facebook X (Twitter) Instagram
    Nintendo-Power
    • Home
    • Top News
    • Tech
    • Nintendo
    • Downloads
    • Contact Form
    Nintendo-Power
    Home»Top News»Microsoft Exchange Proxy Token: Backend access without authentication
    Top News

    Microsoft Exchange Proxy Token: Backend access without authentication

    Edward LangleyBy Edward LangleyAugust 31, 2021No Comments2 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Microsoft Exchange Proxy Token: Backend access without authentication
    Share
    Facebook Twitter LinkedIn Pinterest Email

    In April, another, previously unknown loophole in the Microsoft Exchange server was closed. The proxy token cleverly bypasses the authorization to access the structure of the Exchange account. The attacker can use it to redirect incoming mail from the Exchange user to another account.

    When using a proxy token space, the attacker plays the exchange front end and back end against each other. To do this, mark the front node with a special cookie SecurityTokenThe backend will be ready for recognition. This is a function for logging into complex exchange installations (“Authorized Authorization” in cross-forest topography).

    You take it and I will definitely get it

    Unfortunately, in standard configuration, the backend does not support the required DelegatedAuthModule module, instead the front page assumes that it is already authenticated. As a result, the attacker can send his configuration change to the backend without login data.

    The gap was discovered by Vietnamese security researcher Le Xuan Tuyen, who reported to ZDI. These describe A blog post The basic problem is now more precise. They also explain that if the attacker has an account on the same server and he can send mail, the current exploit will only work in the default settings.

    Poorly documented

    Microsoft already has the CVE-2021-33766 vulnerability April updates for the exchange Closed. But they did not add the note to the document until August 24th. He also talks about “information exposure vulnerabilities on the Microsoft Exchange server” without further details. The ZDI article currently states that the gap will be closed with the July updates. But a Microsoft employee contradicts him Clarify which CVEs are fixed in which CU desire

    Microsoft’s patch policy for the Exchange has already received a lot of criticism. Poorly documented or undocumented security connections unnecessarily complicate the work of administrators. Inseparable confusion between overall updates, which can lead to repeated changes in operation and clean security updates and ultimately insecure transfer servers. One can get the impression that Microsoft emotionally accepts this so that frustrated customers can finally switch to their Microsoft 365 Cloud offer.


    (Ju)

    To the home page

    Edward Langley

    Edward Langley is a contributor to Nintendo-power.com, covering a wide range of topics including news, business, technology, entertainment, lifestyle and current affairs. He focuses on delivering clear, balanced and accessible reporting that helps readers stay informed about important developments and emerging trends. With an emphasis on accuracy, relevance and useful insights, Edward aims to provide engaging stories and practical information that matter to audiences in the UK and beyond.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Edward Langley

    Edward Langley is a contributor to Nintendo-power.com, covering a wide range of topics including news, business, technology, entertainment, lifestyle and current affairs. He focuses on delivering clear, balanced and accessible reporting that helps readers stay informed about important developments and emerging trends. With an emphasis on accuracy, relevance and useful insights, Edward aims to provide engaging stories and practical information that matter to audiences in the UK and beyond.

    Related Posts

    Acrylic Nails for the Modern Professional: Balancing Style and Practicality

    September 6, 2024

    The Majestic Journey of the African Spurred Tortoise: A Guide to Care and Habitat

    September 2, 2024

    Choosing Between a Russian and a Greek Tortoise: What You Need to Know

    June 21, 2024
    Leave A Reply Cancel Reply

    Navigate
    • Home
    • Top News
    • Tech
    • Nintendo
    • Downloads
    • Contact Form
    Pages
    • About Us
    • Contact Us
    • DMCA
    • Editorial Policy
    • Privacy Policy
    • Nintendo Power – Latest Gaming News, Reviews & Retro Updates
    Recent
    • Games Done Quick Reveals Flame Fatales 2026 Schedule Supporting Malala Fund
    • 17,000 Brain Scans Reveal Unexpected Ethnic Differences in Alzheimer’s Disease Biology
    • Lenovo Unveils Mini PC Built Around Downloadable AI Skills Instead of Traditional Software
    • Uranus and Neptune May Be Magma Worlds Rather Than Ice Giants
    • Women’s Prize for Fiction 2026 Longlist Revealed with Susan Choi and Katie Kitamura Among Contenders
    • About Us
    • Contact Us
    • DMCA
    • Editorial Policy
    • Privacy Policy
    • Nintendo Power – Latest Gaming News, Reviews & Retro Updates
    © 2026 Nintendo Power. All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.