News

Microsoft Outlook Web App Vulnerable to Password Hacking via “Backdoor”

Typical Microsoft, the tech giant has more backdoors than Disneyland and World put together; the latest vulnerability that has been unearthed by researchers is a pretty serious breach and allows an attacker the option to steal e-mail authentication credentials from major organizations.

So what is it this time? The Microsoft Outlook Web Application or OWA in question is an Internet-facing webmail server that is being deployed within private companies and organisations, this then offers the ability to provide internal emailing capabilities. Research and subsequent analyses undertaken by security firm “Cybereason” has discovered a backdoor of sorts in the form of a suspicious DLL file. This file was found to be loaded into the companies OWA server with the aim of siphoning decrypted HTTPS requests.

The clever part of this attack is the innocuous nature of deployment in the form of the file name that was the same as another legitimate file; the only difference was the attack file was unsigned and loaded from another directory. According to Cybereason, the attacker (whoever it might be, mentioning no names) replaced the OWAAUTH.dll file that is used by OWA as part of the authentication mechanism with one that contained a dangerous backdoor.

Thus, this allowed attackers to harvest log in information in plain decrypted text, even more worrying is the discovery of more than “11,000 username and password combinations in a log.txt file in the server’s “C:\” partition. The Log.txt file is believed to have been used by attackers to store all logged data”.

The attackers ensured the backdoor could not be removed by creating an IIS (Microsoft Web Filter) that loaded the malicious OWAAUTH.dll file every time the server was restarted.

Indeed, yep, same old same old then, breaches of passwords is worryingly common in the digital age, there needs to be a radical re think of security infrastructure. I do feel companies are using tech as a cheaper alternative without investing in system protection or even real-time analyses, servers and communication lines are being ignored to the point whereby attackers have free reign over such systems. I wonder as I write this as to what else is being siphoned to individuals and attackers, if I see next the formula for Coke in China own brand cola, then it will make sense.

Thank you cybereason for providing us with this information.

Image courtesy of thehackernews

Christopher Files

Disqus Comments Loading...

Recent Posts

Accenture to Train 30,000 Employees on NVIDIA AI Technology

Accenture has announced it will train 30,000 of its employees on NVIDIA's AI platform as…

16 hours ago

Nvidia GeForce RTX GT610 Listed on AliExpress

A suspicious listing has appeared on AliExpress for a product labeled "Nvidia GeForce RTX GT610,"…

17 hours ago

Corsair Launches K70 CORE TKL Series with New MLX Switches

Corsair has revealed two new models in its K70 CORE lineup: the K70 CORE TKL…

17 hours ago

Bethesda Calls Starfield Their Best Game Yet, But Fans Aren’t Convinced

Bethesda has recently made bold claims about Starfield, stating that it’s the best and hardest…

17 hours ago

Metal Gear Solid Delta: Snake Eater’s Difficulty Changes Based on Player’s Perspective

The long-awaited remake, Metal Gear Solid Delta: Snake Eater, will offer a unique twist on…

17 hours ago

Horizon Zero Dawn Removed from Epic Games Store Following Remaster Announcement

In a surprising move for gamers, Horizon Zero Dawn has been removed from the Epic…

17 hours ago