If you use Microsoft Office 365 at work or at home, you should be aware of a serious vulnerability in the software. The way Microsoft Office 365 handled “federated identities” through Security Assertion Markup Language (SAML) allowed attackers to gain access to accounts, data, e-mail messages and files stored in the service’s cloud. Relying on the cloud for data storage is certainly fashionable, yet more and more stories are emerging about the cloud’s security weaknesses. The Microsoft Office 365 vulnerability is only the latest example of the risk in relying entirely on the cloud for information storage and retrieval. Although Microsoft responded to the exploit with a mitigation on January 5, it remains abundantly clear that cloud storage is fallible.
About SAML
SAML is a standard that businesses and other organizations use to exchange authentication and authorization information. It permits a single sign-on across many different websites, greatly improving efficiency. Microsoft’s use of SAML 2.0 in Office 365 was flawed in that it did not validate the element known as the NameID. As a result, the exchange relied on other values for authentication, such as the IDPEmail attribute. The Service Provider trusted the Issuer of the Assertion but performed no “sanity checks” on the IDPEmail attribute value, so it would readily consume assertions under the impression that Identity Provider A had authenticated users of Identity Provider B.
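The missing check described above, shown as an added example that is not Microsoft’s code or the researchers’: a minimal service-provider side that consumes an assertion the way the page describes (trusting the Issuer but not binding IDPEmail to the issuer’s federated domain) next to a hardened version that rejects an assertion from Identity Provider A claiming a user of Identity Provider B. The issuer URLs, domains and the domain-to-issuer table are constructed for the example, and XML signature verification is assumed to have already happened before these functions run.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDPEMAIL_ATTR = "IDPEmail"  # attribute name the page says Office 365 relied on

# Constructed table: which IdP (by Issuer value) is federated for which domain.
# In a real tenant this comes from the federation configuration, not a literal.
FEDERATED_DOMAINS = {
    "victim.example": "https://idp.victim.example/saml",
    "other.example": "https://idp.other.example/saml",
}


def build_assertion(issuer, name_id, idp_email):
    """Constructed, unsigned, minimal assertion used only as offline test input."""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f'<saml:Issuer>{issuer}</saml:Issuer>'
            f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
            f'<saml:AttributeStatement><saml:Attribute Name="{IDPEMAIL_ATTR}">'
            f'<saml:AttributeValue>{idp_email}</saml:AttributeValue>'
            f'</saml:Attribute></saml:AttributeStatement></saml:Assertion>')


def parse_assertion(xml_text):
    """Return (issuer, name_id, idp_email) from the assertion, or None fields if absent."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    idp_email = None
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == IDPEMAIL_ATTR:
            idp_email = attr.findtext("saml:AttributeValue", namespaces=NS)
    return issuer, name_id, idp_email


def vulnerable_accept(xml_text):
    """Behaviour the page describes: a known Issuer is enough; IDPEmail is taken at face value."""
    issuer, _, idp_email = parse_assertion(xml_text)
    if issuer not in FEDERATED_DOMAINS.values():
        return None
    return idp_email


def hardened_accept(xml_text):
    """Bind the asserted identity to the issuer: the IDPEmail domain must be federated to this IdP."""
    issuer, name_id, idp_email = parse_assertion(xml_text)
    if issuer not in FEDERATED_DOMAINS.values() or not idp_email or not name_id:
        return None
    domain = idp_email.rpartition("@")[2].lower()
    if FEDERATED_DOMAINS.get(domain) != issuer:
        return None  # cross-domain assertion: this issuer is not authoritative for that domain
    return idp_email
```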
Details About the Attack
The vulnerability in the Office 365 SAML service provider implementation was first discovered by Kakavas, a Research and Technology Network company based in Greece. The firm found that the weakness allowed federated domains to be bypassed through cross-domain authentication. The reach of this attack is vast: it encompasses Outlook Online, Skype for Business, OneDrive, OneNote and more. In short, any Microsoft Office 365 product licensed by a company was vulnerable. Malicious actors could exploit the flaw to gain access to highly sensitive personal and corporate information; corporate internal documents, e-mails and more were exposed. Organizations affected by the vulnerability, through domains configured as federated, include Verizon, Vodafone and British Airways.
Representatives from Kakavas report that the Office 365 flaw was surprisingly simple to exploit. The bug could have been present in the software since its public release, or it could have been introduced at any point since then. To take advantage of the Office 365 weakness, an attacker needed only a trial subscription to the software along with an installation of a SAML 2.0 Identity Provider. In-depth knowledge of SAML is not required to take advantage of the flaw. Once SAML single sign-on is established with Office 365, the attacker is well on the way to the user’s or company’s data. Attackers with extensive SAML knowledge took the attack further by devising a tool that executes it automatically without requiring a SAML 2.0 Identity Provider. Nor is the weakness limited to sign-ons with SAML alone: attackers have been able to execute the attack through Active Directory Federation Services as well.
Our IT Service Can Protect Your Company’s Computer Hardware, Software and Networks
Centerpoint IT is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at (404) 781-0200 or send us an email at info@centerpointit.com for more information.
Call our business managed IT services department directly at (404) 777-0147 or simply fill out this form and we will get in touch with you to set up a getting-to-know-you introductory phone call.