Josh-CO Dev

Solving the worlds problems one line of code at a time.


Leave a comment

Severe Office 365 Token Disclosure Vulnerability

My organization is doing what many organizations that use Microsoft products are doing right now, and that is evaluating Office 365. I think it’s safe to say that the response from the Security team has been overwhelmingly that it is a bad idea from the get go, especially with the amount of confidential data that we have. On top of this, it is a lot more expensive compared to our internal, secure hosting that we are using now. Suffice to say, I was incredibly joyful when I stumbled across an article last night showcasing a severe vulnerability for Office 365. Check it out at: Office 365 Vulnerability

Now, this is being released because Microsoft is about to patch it, but it has been around since at least April, and most likely longer, and there are probably many other security issues as well. It’s always nice to see articles such as this when as Microsoft sales reps are constantly telling you just how secure everything is, how there are no problems, and it is just as secure as the internal hosting we’re using now. We all know it’s a line of bullshit, but it is nice to have the proper validation.

Advertisements