Threat Post

Exchange/Outlook Autodiscover Bug Spills 100K+ Email Passwords

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. Guardicore security researcher Amit ...
Ars Technica

Exchange 2010: External Autodiscover query returns internal server names

This is an organization with an existing OWA and ActiveSync deployment. There's no Outlook Anywhere, nor plans to deploy in the near future. However, we do need AutoDiscover to implement ...
Bleeping Computer

Microsoft Exchange Autodiscover bugs leak 100K Windows credentials

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. In a new report by Amit Serper, ...
CSOonline

Exchange Autodiscover feature can cause Outlook to leak credentials

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers.
Bleeping Computer

Microsoft rushes to register Autodiscover domains leaking credentials

Microsoft is rushing to register Internet domains used to steal Windows credentials sent from faulty implementations of the Microsoft Exchange Autodiscover protocol. On Monday, Guardicore's Amit ...
Dark Reading

Microsoft Exchange Autodiscover Flaw Leaks Thousands of Credentials

A "design flaw" in Microsoft Exchange's Autodiscover protocol allowed researchers to access 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft ...