Bug bounty hunter Sahad Nk recently uncovered a series of vulnerabilities that left Microsoft users’ accounts — from your Office documents to your Outlook emails — susceptible to hacking.
While working as a security researcher with the cybersecurity site SafetyDetective, Nk discovered that he could take over the Microsoft subdomain http://success.office.com because it was not properly configured: its CNAME record (a DNS record that maps an alias such as a subdomain to another hostname) pointed at an Azure hostname that was no longer registered. By creating an Azure web app under that name, Nk made the subdomain resolve to a server he controlled, so he not only took control of the subdomain but also received any and all data sent to it.
This is where the second major vulnerability comes into play.
Microsoft Office, Outlook, Store, and Sway apps send authenticated login tokens to the http://success.office.com subdomain. When a user signs in to Microsoft Live at login.live.com, the login token is passed on to that subdomain, and therefore to the server Nk controlled. All Nk would have to do is email the user a link and get them to click it; the sign-in that followed would hand him a valid session token, a way to log in to the user's account without ever knowing the username or password. And because the token is delivered by Microsoft's own login flow to a Microsoft-owned subdomain, that link would be a genuine login.live.com URL, bypassing phishing detection and fooling even the savviest of internet users.
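The takeover in the first step is an instance of a dangling CNAME: a subdomain still aliases a cloud hostname that nobody owns, so whoever registers that hostname receives the subdomain's traffic, including the login tokens described above. The checker below is an added example, not code from the article, from SafetyDetective or from Nk's report. It follows CNAME chains and flags names whose chain ends at a non-existent host on a provider where names can be freely claimed. The zone data is constructed so the script runs offline; the list of claimable provider suffixes and the dnspython-based live_lookup are assumptions for the example.

```python
"""Dangling-CNAME check for subdomain takeover candidates.

Added example for this article; it is not code from the article, from
SafetyDetective, or from Sahad Nk's report. The zone data below is
constructed so the script runs offline; live_lookup shows how to swap in
a real resolver (dnspython is assumed to be installed for that path only).
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Provider suffixes where an unregistered name can be claimed by any tenant.
# Assumption for the example: extend this list for the providers you use.
CLAIMABLE_SUFFIXES = (
    ".azurewebsites.net",
    ".cloudapp.net",
    ".trafficmanager.net",
    ".github.io",
)


@dataclass
class Record:
    cname: Optional[str] = None                  # CNAME target, if any
    a: List[str] = field(default_factory=list)   # A records, if any


class NxDomain(Exception):
    """Raised when a name has no records at all (NXDOMAIN)."""


def norm(name: str) -> str:
    """Canonical form: lower case, single trailing dot."""
    return name.lower().rstrip(".") + "."


# Constructed zone (not real DNS). The azurewebsites.net target of
# success.example.com is deliberately absent, modelling a deleted Azure app.
SAMPLE_ZONE: Dict[str, Record] = {
    "success.example.com.": Record(cname="success-legacy.azurewebsites.net."),
    "www.example.com.": Record(cname="www-prod.azurewebsites.net."),
    "www-prod.azurewebsites.net.": Record(a=["203.0.113.10"]),
    "alias.example.com.": Record(cname="www.example.com."),
    "mail.example.com.": Record(a=["203.0.113.20"]),
    "old.example.com.": Record(cname="db.internal.example.net."),  # dangling, not claimable
    "loop-a.example.com.": Record(cname="loop-b.example.com."),
    "loop-b.example.com.": Record(cname="loop-a.example.com."),
}

Lookup = Callable[[str], Record]


def zone_lookup(name: str, zone: Dict[str, Record] = SAMPLE_ZONE) -> Record:
    """Offline resolver over the constructed zone."""
    rec = zone.get(norm(name))
    if rec is None:
        raise NxDomain(name)
    return rec


def follow_chain(name: str, lookup: Lookup, max_hops: int = 8) -> Tuple[List[str], str]:
    """Follow CNAMEs from `name`. Returns (chain, status) with status one of
    'ok' (ends in a name with records), 'nxdomain' (a target no longer exists),
    'loop', or 'too_long'."""
    chain = [norm(name)]
    while len(chain) <= max_hops:
        try:
            rec = lookup(chain[-1])
        except NxDomain:
            return chain, "nxdomain"
        if rec.cname is None:
            return chain, "ok"
        nxt = norm(rec.cname)
        if nxt in chain:
            return chain + [nxt], "loop"
        chain.append(nxt)
    return chain, "too_long"


def is_claimable(host: str) -> bool:
    """True if the host sits under a provider suffix anyone can register names in."""
    return any(norm(host).rstrip(".").endswith(s) for s in CLAIMABLE_SUFFIXES)


def classify(name: str, lookup: Lookup = zone_lookup) -> str:
    """TAKEOVER_CANDIDATE: chain ends at a non-existent name on a claimable
    provider; DANGLING: non-existent but not on a known provider; OK; LOOP; TOO_LONG."""
    chain, status = follow_chain(name, lookup)
    if status == "nxdomain":
        return "TAKEOVER_CANDIDATE" if is_claimable(chain[-1]) else "DANGLING"
    return status.upper()


def scan(names: List[str], lookup: Lookup = zone_lookup) -> Dict[str, str]:
    """Classify every name; keys are normalised hostnames."""
    return {norm(n): classify(n, lookup) for n in names}


def live_lookup(name: str) -> Record:
    """Real resolver for live use (assumes dnspython); not exercised offline."""
    import dns.resolver  # type: ignore
    try:
        ans = dns.resolver.resolve(name, "CNAME")
        return Record(cname=str(ans[0].target))
    except dns.resolver.NoAnswer:
        ans = dns.resolver.resolve(name, "A")
        return Record(a=[r.address for r in ans])
    except dns.resolver.NXDOMAIN:
        raise NxDomain(name)


if __name__ == "__main__":
    for host, verdict in scan(list(SAMPLE_ZONE)).items():
        print(f"{host:35} {verdict}")
```

NXDOMAIN on the chain's last hop is the usual signal for a deleted Azure web app, but some providers keep the name resolving and answer with a provider error page instead, so a live scanner should also fingerprint the HTTP response before calling a name safe. Run the check from the same vantage point that an attacker would use (public recursive resolvers), since split-horizon DNS can hide a dangling record from inside the network.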
According to SafetyDetective, the issues were reported to Microsoft in June. They were fixed just last month, in November.