Holla guys..
How are you all...
In my previous post I discussed about the preparedness of Britain to tackle Cyber Attacks [Click to see]
In this post I will be discussing about the crucial flaw in Outlook Web Access(OWA).
A crucial design flaw has been found that can be used by the attacker to bypass the two factor authentication and access the emails,calenders,contacts of an organization.Organizations running exchange servers are basically affected by this.
the main problem is that the Exchange Servers shows the interface of Exchange Web Services on the side of OWA ,which is not included in the two factor authentication.The fact that EWS operates on same port and server as that of OWA and are enabled by defaults makes it more disastrous because if the attacker has in possession of stolen credentials, then he/she can have a remote access on EWS which works on same back-end as that of OWA.This would enable access to inbox of the user.
Penetration tester Beau Bullock from Black Hills information security made this public on Wednesday.
According to him organizations aren't aware that EWS is running along with OWA and is not covered by 2FA.He also mentioned that when you are completely unaware that separate protocols are carrying out its operation on same port then you are opening a different way to communicate to that infrastructure.
Leaving you amazed..
Untill my next post
SAYONARA...
To Like Our Facebook Page > NewAgeInformers
Comments
Post a Comment