A flaw in Microsoft's login system allows hackers to take control of any Office account
Microsoft's login system contained a number of vulnerabilities that, when combined, form a complete attack method allowing anyone to gain access to a Microsoft account once the user clicks a scam link.
Sahad Nk, a bug hunter in India, took over "success.office.com", a Microsoft subdomain, after discovering that the domain name was not configured properly.
Nk then pointed "success.office.com" at his own Azure instance via a CNAME record, giving him control of the subdomain and of any data sent to it.
It also turned out that, after users log in via the Microsoft Live login system, the Microsoft Office, Store and Sway applications can be tricked into sending login credentials to the newly controlled domain. Holding that authentication code amounts to holding the account's login information, even for an account protected by two-factor authentication. This allows attackers to break into users' accounts easily and without being detected.
Earlier this year, Facebook suffered from a similar vulnerability, which led to the leak of 30 million user accounts.
The Microsoft vulnerability is even more dangerous, however, and could affect countless accounts: attackers can access any Office account, including those of businesses and entrepreneurs, while the user is still logged in through Microsoft's system, and it is almost impossible to trace the culprit.
Nk, with the help of Paulos Yibelo, sent a report about this vulnerability to Microsoft so they could fix it.
Microsoft confirmed the vulnerability in November 2018 and fixed it by deleting the CNAME record that pointed to Nk's Azure instance.
Microsoft awarded Nk a reward for the discovery, but it is unclear how much the reward was.
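A defensive check for the misconfiguration described above, a CNAME record left pointing at a cloud hostname that no longer exists, as an added example that is not from the article or from Microsoft. The suffix list, the zone-export format and the example.com names are assumptions made for illustration.

```python
import socket

# Assumption: hosting suffixes where a released name can be registered again
# by a different tenant. Extend this tuple for the providers you use.
CLAIMABLE_SUFFIXES = (".azurewebsites.net", ".cloudapp.net", ".trafficmanager.net")

def system_resolves(hostname):
    """Return True if the hostname currently resolves to an address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def parse_cnames(zone_text):
    """Yield (name, target) for each CNAME line of a BIND-style zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "CNAME" in fields[1:-1]:
            idx = fields.index("CNAME", 1)
            yield fields[0].rstrip(".").lower(), fields[idx + 1].rstrip(".").lower()

def audit(zone_text, resolves=system_resolves):
    """Label each CNAME as 'dangling', 'external-ok' or 'other'."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if not target.endswith(CLAIMABLE_SUFFIXES):
            status = "other"          # not a claimable cloud hostname
        elif resolves(target):
            status = "external-ok"    # cloud resource still exists
        else:
            status = "dangling"       # resource released: delete the record
        findings.append((name, target, status))
    return findings

# Constructed sample zone; every name here is a placeholder.
SAMPLE_ZONE = """\
www.example.com.    3600 IN CNAME portal-prod.azurewebsites.net.
promo.example.com.  3600 IN CNAME old-campaign.azurewebsites.net. ; retired site
mail.example.com.   3600 IN CNAME mailhost.example.com.
api.example.com.    3600 IN A     192.0.2.10
"""

if __name__ == "__main__":
    live = {"portal-prod.azurewebsites.net"}  # constructed stand-in for DNS
    for row in audit(SAMPLE_ZONE, resolves=lambda host: host in live):
        print(*row)
```

A target that fails to resolve can also be a transient DNS failure, so confirm before deleting a record. Some hosting services keep resolving released names, which a resolution check alone does not catch.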