|
The Exchange Autodiscover service provides an easy way for your client application to configure itself with minimal user input. Most users know their email address and password, and with those two pieces of information, you can retrieve all the other details you need to get up and running.
Security researchers have discovered a design flaw in this feature of the Microsoft Exchange email server that can be abused to harvest Windows domain and app credentials.
More Information about the possible attacks on the website of Guardicore.
|