The way how Windows handles the old authentication procedures for the shared network resources has a flaw and can leak a user’s Microsoft account username and password including VPN credentials if he is using a VPN to browse the Internet. This exploit relies on the attacker embedding a link to SMB resource (network share) inside an email or a Web page which is viewed using Outlook. The attacker can put the disguise the link to his network, share inside image tags but instead of the proper image link he can place the link to his network share hosted on his own network. Whenever user accesses the link using Edge, Internet
The post Windows Flaw is Leaking Microsoft Account Passwords, VPN Credentials appeared first on Coding Security.
Windows Flaw is Leaking Microsoft Account Passwords, VPN Credentials
read more
Tidak ada komentar:
Posting Komentar