An attack exploiting the Microsoft Outlook Web Application (OWA) allowed hackers to record authentication credentials via a malicious DLL file placed on the server itself.
The attack was uncovered by security vendor Cybereason, which was called in by a company after its IT personnel detected suspicious behavior on the OWA server.
The Microsoft Outlook Web Application (OWA) is an Internet-facing webmail server, a component of Microsoft Exchange Server, which can be deployed in private companies to provide internal emailing capabilities.
Hackers replaced a DLL on the OWA server
As Cybereason explains, the attackers replaced the OWAAUTH.dll with one that contained a backdoor, and collected information about authentication procedures against the local Active Directory server (a server for managing shared authentication procedures).
Even though the OWA server handled all authentication procedures correctly using SSL/TLS encryption, the DLL file allowed the hackers to get all login information in clear text, because the DLL ran after the SSL/TLS decryption stage.
All user login credentials were then logged and sent to the attackers. Every user who ever authenticated against the hacked server had their username and password logged by the attackers.
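A defender's check for the DLL swap described above, as an added example that is not from Cybereason or the original article: it records SHA-256 hashes of the DLLs in a directory and later reports any that were modified, added or removed. The function names and the demo files are constructed for illustration, and the baseline is assumed to be kept off the server.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(directory, pattern="*.dll"):
    """Map each matching file under `directory` to its SHA-256 digest.

    Keys are lower-cased relative paths because Windows file names are
    case-insensitive.
    """
    root = Path(directory)
    return {p.relative_to(root).as_posix().lower(): sha256_file(p)
            for p in root.rglob(pattern) if p.is_file()}


def compare(baseline, current):
    """Report files modified, added or removed relative to the baseline."""
    return {
        "modified": sorted(f for f in baseline
                           if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


if __name__ == "__main__":
    # Constructed demo: a temporary directory stands in for the server's DLL folder.
    with tempfile.TemporaryDirectory() as tmp:
        dll = Path(tmp) / "OWAAUTH.dll"
        dll.write_bytes(b"constructed stand-in for the vendor binary")
        baseline = snapshot(tmp)   # in practice, store this off the server
        dll.write_bytes(b"constructed stand-in for a replaced binary")
        print(compare(baseline, snapshot(tmp)))
```

A replaced file that keeps its original name appears under "modified", which is the case the article describes; legitimate vendor updates will also appear there and need a refreshed baseline.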