The anatomy of an Office 365 Vulnerability. How a flaw was detected and fixed

Tony Redmond · ‎Jul 21 2016

The potential dangers that lurk in massive multi-tenant infrastructures were illustrated by a weakness in an Office 365 API discovered in early July 2016 by researchers at Cogmotive, an ISV specializing in reporting and analysis of Office 365. After Cogmotive reported the vulnerability to Microsoft, it was quickly fixed and Cogmotive was thanked through Microsoft’s Online Services Bug Bounty program. All’s well that ends well. https://www.itunity.com/article/anatomy-office-api-vulnerability-3503

Vasil Michev · ‎Jul 22 2016

Meh, that even isn't the first vulnerability related to OAuth they've had, one would think they've learned something from the previous ones. Eh, programmers...

Tony Redmond · ‎Jul 22 2016

True. But that wasn't the point of the article. I think the more interesting aspects are the fact that an Online services bug bounty program exists and the way that the MSRC coordinates reports of vulnerabilities to make sure that they are addressed ASAP.

The anatomy of an Office 365 Vulnerability. How a flaw was detected and fixed

The anatomy of an Office 365 Vulnerability. How a flaw was detected and fixed

RE: The anatomy of an Office 365 Vulnerability. How a flaw was detected and fixed

Re: RE: The anatomy of an Office 365 Vulnerability. How a flaw was detected and fixed

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

The anatomy of an Office 365 Vulnerability. How a flaw was detected and fixed

The anatomy of an Office 365 Vulnerability. How a flaw was detected and fixed

RE: The anatomy of an Office 365 Vulnerability. How a flaw was detected and fixed

Re: RE: The anatomy of an Office 365 Vulnerability. How a flaw was detected and fixed