Bugs in the implementation of Microsoft Exchange’s Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide.
In a new report by Amit Serper, Guardicore’s AVP of Security Research, the researcher reveals how the incorrect implementation of the Autodiscover protocol, rather than a bug in Microsoft Exchange, is causing Windows credentials to be sent to third-party untrusted websites.
Read more…
Source: Bleeping Computer