Microsoft Outlook Web App Vulnerable to Password Hacking via “Backdoor”



/ 3 years ago

Capture

Typical Microsoft, the tech giant has more backdoors than Disneyland and World put together; the latest vulnerability that has been unearthed by researchers is a pretty serious breach and allows an attacker the option to steal e-mail authentication credentials from major organizations.

So what is it this time? The Microsoft Outlook Web Application or OWA in question is an Internet-facing webmail server that is being deployed within private companies and organisations, this then offers the ability to provide internal emailing capabilities. Research and subsequent analyses undertaken by security firm “Cybereason” has discovered a backdoor of sorts in the form of a suspicious DLL file. This file was found to be loaded into the companies OWA server with the aim of siphoning decrypted HTTPS requests.

The clever part of this attack is the innocuous nature of deployment in the form of the file name that was the same as another legitimate file; the only difference was the attack file was unsigned and loaded from another directory. According to Cybereason, the attacker (whoever it might be, mentioning no names) replaced the OWAAUTH.dll file that is used by OWA as part of the authentication mechanism with one that contained a dangerous backdoor.

Thus, this allowed attackers to harvest log in information in plain decrypted text, even more worrying is the discovery of more than “11,000 username and password combinations in a log.txt file in the server’s “C:\” partition. The Log.txt file is believed to have been used by attackers to store all logged data”.

The attackers ensured the backdoor could not be removed by creating an IIS (Microsoft Web Filter) that loaded the malicious OWAAUTH.dll file every time the server was restarted.

Indeed, yep, same old same old then, breaches of passwords is worryingly common in the digital age, there needs to be a radical re think of security infrastructure. I do feel companies are using tech as a cheaper alternative without investing in system protection or even real-time analyses, servers and communication lines are being ignored to the point whereby attackers have free reign over such systems. I wonder as I write this as to what else is being siphoned to individuals and attackers, if I see next the formula for Coke in China own brand cola, then it will make sense.

Thank you cybereason for providing us with this information.

Image courtesy of thehackernews

Topics: , , , , , , , , , ,

Support eTeknix.com

By supporting eTeknix, you help us grow. And continue to bring you the latest news, reviews, and competitions. Follow us on Facebook and Twitter to keep up with the latest technology. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!
eTeknix FacebookeTeknix TwittereTeknix Instagram

Check out our Latest Video

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!


Optimized with PageSpeed Ninja