Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11The error on Microsoft's login system allows hackers to take control of any Office account
There are a number of vulnerabilities in Microsoft's login system that if hackers combine them, they can create a complete attack method that allows anyone to gain access to Microsoft accounts when they click. a scam link.
Sahad Nk, a bug hunting expert in India has captured "success.office.com" - a Microsoft subdomain after discovering that the domain name is not set according to the necessary standards.
Next Nk points the domain "success.office.com" into his Azure field via a CNAME record to control the subdomain and any data sent to it.
We also noticed that, after users log in via Microsoft Live login system, it is possible to 'trick' Microsoft Office, Store and Sway applications to send login credentials to your new domain. control. Having an authentication code means that someone's account login information is included, including a two-factor authentication account. This allows bad guys to easily penetrate users' accounts without being detected.
Earlier this year, Facebook also suffered a similar vulnerability and caused 30 million user accounts to leak.
However, the Microsoft vulnerability is even more dangerous, which can adversely affect countless accounts because bad guys can access any Office account, including those of businesses / entrepreneurs while users Still logged in through Microsoft system and almost impossible to trace the culprit.
Nk, with the help of Paulos Yibelo, sent a report about this vulnerability to Microsoft so they could fix it.
Microsoft confirmed this vulnerability in November 2018 and handled it by deleting the CNAME record that points to Nk's Azure field.
Because of this discovery, Microsoft awarded Nk a prize but it is unclear how much the reward is.
See more:
- Windows 10 October 2018 is new, Microsoft is forced to stop updating for some computers
- Microsoft PowerPoint is about to add annotations and subtitles in real time
- Microsoft developed Windows 10 Lite operating system, a small version that actually runs on mobile chips
Isabella HumphreyYou should read it
- Instructions for renaming Microsoft account
- How to change the primary email address for a Microsoft account
- You can now manage your Microsoft and Office accounts right in the Settings of Windows 11
- How to login to a Microsoft account without a password
- How to Personalize Microsoft Office
- How to block adding Microsoft accounts to Windows 10
- How to create a Microsoft account
- Instructions for creating a Microsoft account for Windows Phone
May be interested
- Windows 10 collects and sends your activity history to Microsoft
on the reddit forum, many users are discussing and confirming that windows 10 collects activity history - activity history of applications that users use on the pc and sends it to microsoft. - Interesting error, ASUS ROG Phone became the first smartphone in the world to know 'charging itself'a member of the reddit forum has just shared his interesting discovery that many people can enjoy. that's when using only a single usb cable, plugging into two usb-c ports together on an asus rog phone smartphone, it can 'charge itself.'
- The 11th-grade student made his own solar-powered electric carngo viet cuong - 11th grade high school student of tong van tran (nam dinh) built his own beautiful electric car and especially solar charger makes many people surprised and admired. .
- Statistics most searched keywords Google 2018the year of 2018 is coming to an end, google - the world's leading search engine recently announced a list of the most searched keywords in the past year. through these google trending 2018, users can see the outstanding trends that took place during the year.
- Microsoft launched a new Office icon set, a major change in designrecently, microsoft announced that it will change office icon set in the next 5 years to maintain the design.
- The 50 most wonderful inventions of 2018 by Time Magazine (Part 1)here is a list of the best inventions in 2018, belonging to many different areas such as technology, health, sports, food, entertainment ..., have a good influence and help your life. easier and more modern people voted by time magazine.
How to fix iCloud error requires login on iPhone and iPad
How to fix Office activation error 0xc004c060
A serious security error appeared on Android that allowed hackers to control smartphones through a photo
Set the auto-login mode to Windows XP
How to know your Facebook has been hacked