Microsoft Autodiscover protocol leaking credentials: How it works

The Microsoft Exchange Autodiscover protocol is a protocol that has been around for years. But with recent claims that it might be leaking credentials to anyone who is listening to connections coming from it, researchers have decided to pay attention and dig much deeper into the operation of this protocol. 

Learn how to secure both your corporate environment and your personal computer, provided that you use Exchange-based clients such as Outlook, Calendar and the default Mail for Windows app.

What is the Microsoft Exchange Autodiscover Protocol?

According to a post by Microsoft, the Autodiscover protocol minimizes the effort needed for the configuration of clients by offering them Exchange features. When dealing with Exchange Web Services (EWS) clients, it is used to find the EWS URL. Autodiscover can also help clients perform configuration with other protocols. 

The Microsoft Exchange Autodiscover Protocol allows for the easy and quick configuration of Exchange Web Services (EWS) clients. This is made possible by Autodiscover, which performs two actions: first, it finds the EWS endpoint URL; second, it automatically configures clients using other protocols. 

How does the Microsoft Exchange Autodiscover Protocol work?

When first-time users set up their Exchange email clients, they must provide their email address

Read More: https://resources.infosecinstitute.com/topic/microsoft-autodiscover-protocol-leaking-credentials-how-it-works/