A ‘black box’ review of Microsoft’s Outlook Wep App(OWA) revealed several vulnerabilities. This includes a time based authentication attack that allows attackers to validate realms and usernames existing in Active Directory. We will discuss how these vulnerabilities can be leveraged during a pentest.
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek