Autodiscovering your credentials

[Kurt Buff]

https://www.guardicore.com/labs/autodiscovering-the-great-leak/

More fun!

Kurt

[Michael B. Smith]

It’s a crock.

 

There is probably SOME client – but it isn’t Outlook – that behaves as he describes. But it’s none of the major clients. And he does a great disservice by showing a partial log where the client identifies itself as Outlook, but it isn’t Outlook.

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce5ywY%3DzoS8%3DxD0tTy4jO2VYMc05JY1_8t9VXmogc3oK%2Bg%40mail.gmail.com.

[Kurt Buff]

I'll believe you over them, but that's an awful lot of credentials to grab, so whatever client that might be, it's not completely unknown.

Kurt

You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/a5954dc9ea304b06842399e244fdd7d4%40smithcons.com.

[Michael B. Smith]

Well, “we” weren’t able to identify a client that behaves this way (Outlook on any platform, Mail.App on MacOS or iOS, or Android Mail).

 

Yes, there are lots of other clients.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/CADy1Ce4GtqL9QUo%3DKXdYbD77aFMPAKArXk10pvhLFDmum%2BAyKA%40mail.gmail.com.

[Bonnie Pohlschneider]

Sophos just put out an article on the same thing this week. They even call out that they’re not sure about the client “According to Guardicore, however, in their tests – perhaps conducted with an older version of Windows and Outlook, but we’re not sure”.

 

https://nakedsecurity.sophos.com/2021/09/23/how-outlook-autodiscover-could-leak-your-passwords-and-how-to-stop-it/

 

 

Bonnie Pohlschneider Information Technology Director, CRSI Phone 937-653-1317 | Fax 937-653-1321 www.crsi-oh.com

To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/7a397a6effe84f50a763856bb063ce9b%40smithcons.com.

[Kurt Buff]

An excellent follow-up (rebuttal?) to the Guardicore report. Thanks for this.

Kurt

To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/6d9177ec447f42e784473f93c0eb9782%40CRSI-OH.com.