Vulnerability in Bing made manipulation of search results possible


A misconfiguration in Azure Active Directory allowed any Azure user to log into the content management system (CMS) through which Microsoft manages Bing. From there, they could alter search results and even insert a payload that compromised the accounts of Bing users.

The researchers call the vulnerability BingBang. It stems from a misconfiguration of Azure Active Directory: when an application's registration is set to the wrong option for which accounts may sign in (the option meant to admit users from any organization's directory, rather than only the organization's own), anyone with an Azure account can sign in, unless the application itself checks which tenant the user's token came from. This turned out to be the case with, among other applications, Bing Trivia, with which Microsoft manages the trivia-related search results shown in Bing.
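The check that a multi-tenant application must perform to avoid this class of misconfiguration, as an added example that is not part of the article and not Microsoft's code: an Azure AD access token carries a `tid` (tenant ID) claim and an `iss` (issuer) claim, and the application must reject any token whose tenant is not one it is meant to serve, verifying that the issuer matches that tenant so that a token minted by another tenant cannot borrow the claim. The tenant IDs and tokens below are constructed for the example; the signature check that must precede any trust in these claims is left out so that the code runs offline without keys.

```python
import base64
import json

# Tenant IDs this application is meant to serve. These GUID-shaped values
# are made up for the example; a real application lists its own tenants.
ALLOWED_TENANTS = {"11111111-1111-1111-1111-111111111111"}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment as used in JWTs (padding stripped)."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def jwt_claims(token: str) -> dict:
    """Return the payload claims of a JWT.

    This does NOT verify the signature. In a real service the signature must
    be validated against the tenant's signing keys before these claims are
    used for anything; it is omitted here only to keep the example offline.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    return json.loads(_b64url_decode(parts[1]))


def expected_issuers(tid: str) -> set:
    """Issuer values Azure AD uses for a given tenant (v1.0 and v2.0 tokens)."""
    return {
        f"https://login.microsoftonline.com/{tid}/v2.0",
        f"https://sts.windows.net/{tid}/",
    }


def token_tenant_allowed(claims: dict, allowed_tenants=ALLOWED_TENANTS) -> bool:
    """The BingBang check: only tokens from an allowed tenant pass.

    A multi-tenant app registration lets any Azure AD tenant authenticate,
    so the application itself has to enforce which tenants it serves. Both
    the tenant claim and the issuer are checked, and they must agree.
    """
    tid = claims.get("tid")
    iss = claims.get("iss")
    if not tid or tid not in allowed_tenants:
        return False
    if iss not in expected_issuers(tid):
        return False
    return True


def make_test_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT for offline testing (not a real token)."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    return f"{enc(header)}.{enc(claims)}."  # empty signature segment


# Constructed sample tokens: one from the app's own tenant, one from a
# foreign tenant (what an attacker with any Azure account would present).
OWN_TID = "11111111-1111-1111-1111-111111111111"
FOREIGN_TID = "22222222-2222-2222-2222-222222222222"

OWN_TOKEN = make_test_token({
    "iss": f"https://login.microsoftonline.com/{OWN_TID}/v2.0",
    "tid": OWN_TID, "sub": "user-a", "aud": "api://bing-trivia-example",
})
FOREIGN_TOKEN = make_test_token({
    "iss": f"https://login.microsoftonline.com/{FOREIGN_TID}/v2.0",
    "tid": FOREIGN_TID, "sub": "attacker", "aud": "api://bing-trivia-example",
})
# A foreign issuer presenting the allowed tenant's tid: must also be rejected.
MISMATCHED_TOKEN = make_test_token({
    "iss": f"https://login.microsoftonline.com/{FOREIGN_TID}/v2.0",
    "tid": OWN_TID, "sub": "attacker", "aud": "api://bing-trivia-example",
})


if __name__ == "__main__":
    for name, tok in [("own", OWN_TOKEN), ("foreign", FOREIGN_TOKEN),
                      ("mismatched", MISMATCHED_TOKEN)]:
        print(name, token_tenant_allowed(jwt_claims(tok)))
```

In practice this belongs in the token validation middleware rather than in hand-written code: most Azure AD libraries let the application pin the accepted issuers, and an application that only ever serves its own organization should simply be registered as single-tenant, which removes the problem at the source.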

It turned out to be possible to manipulate the search results shown in the carousel at the top of the page. The researchers were also able to place a payload there that intercepted the tokens of logged-in users. For every user who clicked on it, the attacker would gain access to that user's Microsoft applications, such as Outlook mail and SharePoint.

The researchers notified Microsoft on January 31. The vulnerability in Bing was closed on February 2. The researchers then waited to publish their findings on BingBang until all the other affected applications that any Azure user could log into had been fixed as well.
