Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11The error on Microsoft's login system allows hackers to take control of any Office account
There are a number of vulnerabilities in Microsoft's login system that if hackers combine them, they can create a complete attack method that allows anyone to gain access to Microsoft accounts when they click. a scam link.
Sahad Nk, a bug hunting expert in India has captured "success.office.com" - a Microsoft subdomain after discovering that the domain name is not set according to the necessary standards.
Next Nk points the domain "success.office.com" into his Azure field via a CNAME record to control the subdomain and any data sent to it.
The error on Microsoft's login system allows hackers to take control of any Office account Picture 1
We also noticed that, after users log in via Microsoft Live login system, it is possible to 'trick' Microsoft Office, Store and Sway applications to send login credentials to your new domain. control. Having an authentication code means that someone's account login information is included, including a two-factor authentication account. This allows bad guys to easily penetrate users' accounts without being detected.
Earlier this year, Facebook also suffered a similar vulnerability and caused 30 million user accounts to leak.
However, the Microsoft vulnerability is even more dangerous, which can adversely affect countless accounts because bad guys can access any Office account, including those of businesses / entrepreneurs while users Still logged in through Microsoft system and almost impossible to trace the culprit.
Nk, with the help of Paulos Yibelo, sent a report about this vulnerability to Microsoft so they could fix it.
Microsoft confirmed this vulnerability in November 2018 and handled it by deleting the CNAME record that points to Nk's Azure field.
Because of this discovery, Microsoft awarded Nk a prize but it is unclear how much the reward is.
See more:
- Windows 10 October 2018 is new, Microsoft is forced to stop updating for some computers
- Microsoft PowerPoint is about to add annotations and subtitles in real time
- Microsoft developed Windows 10 Lite operating system, a small version that actually runs on mobile chips
Isabella HumphreyYou should read it
- Instructions for creating the fastest Microsoft account
- Already able to login to a Microsoft account without a password
- Instructions for renaming Microsoft account
- How to change the primary email address for a Microsoft account
- You can now manage your Microsoft and Office accounts right in the Settings of Windows 11
- How to login to a Microsoft account without a password
- How to Personalize Microsoft Office
- How to block adding Microsoft accounts to Windows 10
- How to create a Microsoft account
- Instructions for creating a Microsoft account for Windows Phone
- How to Install Microsoft Office
- How to revoke third-party access to a Microsoft account
Maybe you are interested
Microsoft doesn't allow users to uninstall the Recall feature in Windows 11
How to take a screenshot of the entire web page on Microsoft Edge
How to translate a web page on Microsoft Edge
Microsoft DirectML now supports PC Copilot+ and WebNN
Microsoft sparks outrage by renaming Remote Desktop app on some platforms
Microsoft: Personnel in the AI field have salaries much higher than average
Technology story
Windows 10 collects and sends your activity history to Microsoft- Interesting error, ASUS ROG Phone became the first smartphone in the world to know 'charging itself'
- The 11th-grade student made his own solar-powered electric car
- Statistics most searched keywords Google 2018
- Microsoft launched a new Office icon set, a major change in design
- The 50 most wonderful inventions of 2018 by Time Magazine (Part 1)
Windows 10 collects and sends your activity history to Microsoft
Interesting error, ASUS ROG Phone became the first smartphone in the world to know 'charging itself'
The 11th-grade student made his own solar-powered electric car
Statistics most searched keywords Google 2018
Microsoft launched a new Office icon set, a major change in design
The 50 most wonderful inventions of 2018 by Time Magazine (Part 1)