A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers.

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. Guardicore security researcher Amit ...

Autodiscover works great on user's local machines (desktops, laptops, etc) on the internal LAN. However I've got a Terminal Server with Outlook 2010 installed that Autodiscover fails every time you ...

Microsoft is rushing to register Internet domains used to steal Windows credentials sent from faulty implementations of the Microsoft Exchange Autodiscover protocol. On Monday, Guardicore's Amit ...

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. In a new report by Amit Serper, ...

Hi guys, need help to troubleshoot my issue here. Have been trying for days to solve this problem. - SAN certificate with mail.company.com and autodiscover.company.com names included. Installed on ...

A "design flaw" in Microsoft Exchange's Autodiscover protocol allowed researchers to access 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft ...

A design vulnerability in Microsoft Exchange Autodiscover can leak Windows credentials The flaw can show the plaintext view of email addresses and passwords The research team identified more than ...