Microsoft has fixed a vulnerability in its login system which could be used to hijack user accounts.<\/p>\n
Cybersecurity company CyberArk found that Microsoft had left its systems vulnerable by allowing malicious parties to steal account tokens.<\/p>\n
These tokens are usually used to let users stay logged into websites and access third-party apps or websites without using their passwords.<\/p>\n
However, in research shared with TechCrunch<\/strong><\/a>, CyberArk found that there were numerous unregistered subdomains that were connected to Microsoft apps and were categorised as highly trusted.<\/p>\n If a malicious party could trick a user into clicking a crafted link to one of these subdomains, the malicious party could then steal one of the user’s access tokens.<\/p>\n CyberArk found that access tokens could be stolen in some cases with almost no user interaction – by simply using a malicious website that hides an embedded webpage.<\/p>\n This would achieve the same result as getting someone to click on a link in a malicious email.<\/p>\n The flaw was reported to Microsoft in October 2019 and was fixed three weeks later.<\/p>\n \u201cWe resolved the issue with the applications mentioned in this report in November and customers remain protected,\u201d a Microsoft spokesperson told TechCrunch.<\/p>\n Microsoft has fixed a vulnerability in its login system which could be used to hijack user accounts.<\/p>\n","protected":false},"author":341039,"featured_media":320121,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[62102,123,62104],"class_list":["post-331280","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cyberark","tag-microsoft","tag-microsoft-app"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/331280"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341039"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=331280"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/331280\/revisions"}],"predecessor-version":[{"id":331314,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/331280\/revisions\/331314"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/320121"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=331280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=331280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=331280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Now read: Amazon reveals new server chip to take on Intel<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"