ZDNet Japan Staff
2021-08-31 10:19
Here's my content
The Zero Day Initiative (ZDI), a subsidiary of Trend Micro, released information on a vulnerability (CVE-2021-33766) related to Microsoft Exchange Server named "Proxy Token" on August 30th. The email may be eavesdropped. The patch was released in a security update in July, encouraging users to apply it.
According to ZDI, this vulnerability is related to the system configuration of Exchange Server. Exchange Server consists of a front end that receives access to Exchange Server mail from external clients through Outlook Web Access (OWA), etc., and an "Exchange back end".
The front end acts as a proxy to the Exchange back end. Since most Exchange services require authentication, the frontend sends the credentials entered in the web form to the Exchange backend, and when the Exchange backend processes it, it responds to the frontend. .. Among these authentication methods, there is a function called "Delegated Authentication" in which the front end directly passes the authentication request to the Exchange back end side.
The vulnerability is attributed to this mandate authentication. In delegation authentication, when the frontend finds a cookie containing a security token, it delegates authentication to the Exchange backend side. However, the default configuration prevents the Exchange backend from loading modules that perform delegation authentication, and in some cases it does not recognize authentication requests by cookies containing security tokens.
Eventually, the authentication request will pass without going through the appropriate authentication process, and the attacker can change the reception settings of any user and forward the mail to the attacker. ..
The vulnerability was reported to ZDI by Vietnamese security researcher Le Xuan Tuyen, and Microsoft released a patch in a security update in July. However, although the patch itself was developed by April and preparations for release were in progress, it was delayed due to a mistake.
Read all ZDNet Japan articles by email every morning (free registration)
Apply for e-mail newsletter subscriptionRelated article
- Related keywords
- Vulnerability
Related white paper
- Popular category
- management
- Security
- Cloud computing
- Virtualization
- Business application
- mobile
![Advantages of "Gravio" that can implement face / person recognition AI with no code [Archive distribution now]](https://website-google-hk.oss-cn-hongkong.aliyuncs.com/drawing/article_results_6/2022/2/25/98ceaf1a66144152b81298720929e8e7.jpeg)