April 28, 2016 08:00 pm

Office 365 Flaw Allowed Anyone To Log In To Almost Any Business Account

Reader msm1267 writes: A severe vulnerability in the way Microsoft Office 365 handles federated identities via SAML put an attacker in a position to have access to any account and data, including emails and files stored in the cloud-based service. Microsoft pushed through a mitigation to the service on Jan. 5, seven hours after being notified by researchers Yiannis Kakavas and Klemen Bratec. "The attack surface was quite big (Outlook Online, OneDrive, Skype for Business, OneNote -- depending on what the company has paid for in terms of licensing)," Kakavas and Bratec told Threatpost via email. "And a malicious user exploiting this vulnerability could have gained access to very sensitive private and company information (emails, internal documents etc.)." Office 365 users who had configured domains as federated were affected. The list includes British Airways, Microsoft, Vodafone, Verizon and many others, as mentioned in a report published late Wednesday.



Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/0BP3H8hSCLk/office-365-flaw-allowed-anyone-to-log-in-to-almost-any-business-account


Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc.
