
Windows 365 exposes Microsoft Azure credentials in plaintext

Windows 365 recently exposed Microsoft Azure credentials in plain text, according to a report by cybersecurity firm CyberArk. The vulnerability puts millions of users at risk as it allows malicious actors to access their accounts and potentially compromise the security of their applications and data.

The vulnerable feature is included in Windows 365's Enterprise Mobility + Security (EMS) suite. EMS is designed to give users secure access to corporate resources such as emails and documents, while also providing mobile device management capabilities for administrators. However, the security feature used for authentication was found to expose credentials in plain text when accessing Azure Active Directory.

The issue was discovered by CyberArk researchers who tested multiple versions of the Azure AD portal. According to their findings, an attacker could exploit the vulnerable feature to access the account because the credentials were stored in plain text on disk instead of being encrypted or hashed. As a result, attackers could gain unauthorised access to accounts without providing any form of authentication or authorisation.

In response to this discovery, Microsoft released a patch that resolved the vulnerability and provided an additional security layer for users logging into their accounts. Microsoft also advised customers who had been affected by this exposure to reset their passwords immediately.

This incident again draws attention to the importance of robust security measures and highlights how easily attackers can exploit vulnerabilities in software systems that are not properly secured. Companies and consumers alike should keep their data secure from potential threats by regularly updating their software with available patches and implementing other cybersecurity best practices.

By following these measures, users can greatly reduce the risk of their account details being exposed to malicious actors and protect themselves from potential cyberattacks. Windows 365 users should remain vigilant and update their systems as soon as new patches become available to keep their accounts safe.