A security researcher has found a critical flaw with Microsoft’s Office 365 service that allowed users to access other users’ private documents. Kevin Beumont discovered that the search bar on the homepage of Docs.com, Microsoft’s Office 365 document sharing site, was showing files that were not intended for public sharing in its results.
Microsoft says that “with Docs.com, you can create an online portfolio of your expertise, discover, download, or bookmark works from other authors, and build your brand with built-in SEO, analytics, and email and social sharing.” However, it seems that documents that were meant to privately shared – such as within a company or organisation – were being indexed by the search function, making them potentially accessible by anyone.
Other researchers then started to test the Docs.com search function:
According to Ars Technica, the search function gave results of private documents that included:
Microsoft has now removed the search bar from Docs.com homepage, but is still visible on other pages of the website. Regardless, these documents have already been indexed by Google and Bing, making them publicly available, given the correct search criteria.
While I'm not familiar with the Bilibili streaming platform, it was the source of a…
As Computex 2024 approaches, the tech industry buzzes with anticipation for a series of high-profile…
MSI, a key player in the graphics card market, appears to be shifting its focus…
TeamGroup has once again proven its prowess in the field of memory product innovation by…
Konami's eFootball has reached a staggering 750 million downloads worldwide. This milestone comes as the…
Just a few hours after its release on Steam alone Manor Lords has already managed…