Geeks for your information News Privacy & Security News v
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  31 August 21, 12:53
Quote:A serious security vulnerability in Microsoft Exchange Server that researchers have dubbed ProxyToken could allow an unauthenticated attacker to access and steal emails from a target’s mailbox.
 
Microsoft Exchange uses two websites; one, the front end, is what users connect to in order to access email. The second is a back-end site that handles the authentication function.
 
“The front-end website is mostly just a proxy to the back end. To allow access that requires forms authentication, the front end serves pages such as /owa/auth/logon.aspx,” according to a Monday posting on the bug from Trend Micro’s Zero Day Initiative. “For all post-authentication requests, the front end’s main role is to repackage the requests and proxy them to corresponding endpoints on the Exchange Back End site. It then collects the responses from the back end and forwards them to the client.”
 
The issue arises specifically in a feature called “Delegated Authentication,” where the front end passes authentication requests directly to the back end. These requests contain a SecurityToken cookie that identify them; i.e., if the front end finds a non-empty cookie named SecurityToken, it delegates authentication to the back end. However, Exchange has to be specifically configured to have the back end perform the authentication checks; in a default configuration, the module responsible for that (the “DelegatedAuthModule”) isn’t loaded.
 
“When the front end sees the SecurityToken cookie, it knows that the back end alone is responsible for authenticating this request,” according to ZDI. “Meanwhile, the back end is completely unaware that it needs to authenticate some incoming requests based upon the SecurityToken cookie, since the DelegatedAuthModule is not loaded in installations that have not been configured to use the special delegated authentication feature. The net result is that requests can sail through, without being subjected to authentication on either the front or back end.”

Read more: Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Messages In This Thread
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping - by silversurfer - 31 August 21, 12:53

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Sysinternals Suite 07.05.2026
Sysinternals Suite...harlan4096 — 07:42
Tor Browser 15.0.13
Tor Browser 15.0.1...harlan4096 — 07:39
K-Lite Codec Pack 19.7.0 / 19.7.0 Update
Changes in 19.7.0:...harlan4096 — 07:39
Microsoft Edge 148.0.3967.54
Version 148.0.3967...harlan4096 — 07:37
AdGuard Browser Extension 5.4.1.3
AdGuard Browser Ex...harlan4096 — 07:35

[-]
Birthdays
Today's Birthdays
avatar (41)iruqi
avatar (42)saitetib
avatar (36)ypasodiny
Upcoming Birthdays
avatar (28)akiratoriyama
avatar (48)Jerrycix
avatar (40)awedoli
avatar (82)WinRARHowTo
avatar (38)owysykan
avatar (49)beautgok
avatar (39)axuben
avatar (45)talsmanthago
avatar (31)mocetor
avatar (46)piomaibhaict
avatar (51)kingbfef
avatar (38)izenesiq
avatar (40)ihijudu
avatar (45)tiojusop
avatar (42)Damiennug
avatar (40)acoraxe
avatar (49)contjrat
avatar (41)axylisyb
avatar (44)tukrublape
avatar (39)omapek
avatar (48)Geraldtuh
avatar (44)knigiJow
avatar (46)1stOnecal
avatar (50)Mirzojap
avatar (36)idilysaju
avatar (40)GregoryRog
avatar (45)mediumog
avatar (40)odukoromu
avatar (46)Joanna4589

[-]
Online Staff
There are no staff members currently online.

>