Passwords are the bane of users and security teams? lives. Despite years of security teams educating users about not using 123456 as a password, not recycling passwords across multiple personal and professional accounts, and implementing even more rigorous password rules and investments in password manager tools, these combinations of letters, numbers, and special characters remain a rich target for attackers.
Summary
A new vulnerability named ProxyToken has been disclosed by the Zero-Day Initiative Blog. Like ProxyShell, this vulnerability targets Microsoft Exchange servers.
Overview
A new vulnerability in Microsoft Exchange named ProxyToken has been observed by researchers and disclosed to the Zero-Day Initiative program. The vulnerability allows attackers to skip authentication and change an Exchange server's backend configuration. According to Le Xuan Tuyen, the original researcher credited for discovering th