Most company systems suffer from user enumeration flaws
Posted by Stefan Mileschin, 29th September 2019, 15:39

Skype for Business has bugs Microsoft is not fixing

Up to 13,000 organisations, including many FTSE 100 companies, are affected by user enumeration flaws that remain undetected by leading vulnerability scanners, according to security outfit Intruder.io.

Boffins at Intruder.io found that more than 40 percent of the FTSE 100 are affected by little-known user enumeration flaws in a range of popular Microsoft products.

The research uncovered that over 13,000 Skype for Business servers on the internet are vulnerable, potentially exposing an organisation’s internal Windows network to Denial of Service (DOS) and credential guessing attacks.

Among the list of vulnerable servers are household names and large organisations whose high profile makes them likely targets for remote attackers. These include numerous blue-chip companies, some of the ‘big four’ professional services firms and UK government-owned domains. The flaws have been exposing internal corporate networks to attacks for years and despite being informed of the vulnerability, Microsoft has no plans to fix the bugs. This leaves organisations without the usual patch/upgrade option that is often the best solution to fixing security issues.

Chris Wallis, Founder and CEO at Intruder.io, said: “Reconnaissance is an essential stage in every attacker’s kill-chain. Companies are facing an increasing challenge to counter the rising numbers of attacks, and anything that makes the attacker’s life harder is worth fixing. It should never be assumed that software is secure out of the box in its default configuration, and our research illustrates how many companies are exposed to unnecessary risk. Easy-to-use tools are publicly available to exploit vulnerabilities, so attacks against these commonly exposed technologies can be carried out even by unskilled attackers.”

User enumeration flaws provide attackers with a method to determine whether a specified username exists. If the attack can be automated, it allows an attacker to whittle down a large list of potential usernames to a smaller list of confirmed usernames. This list of valid usernames for a system is extremely valuable to an attacker because it facilitates a range of other attacks including automated password guessing (brute-force) and DOS attacks. Without the user enumeration flaw to first get a confirmed list of users, these attacks become an order of magnitude more difficult.

Wallis continued: “Organisations should always seek to reduce their perimeter attack surface to a minimum; as a rule of thumb, the fewer services are exposed to the Internet, the harder an organisation is to breach. Wherever services must be exposed, regular vulnerability assessments and multi-factor authentication are essential survival tools no organisation should go without.”

https://fudzilla.com/news/49478-most...meration-flaws
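
An added example (not part of the original post or of Intruder.io's research) of the flaw class described above: a login handler whose failure responses differ by username, next to a hardened form and a self-check a defender can run against their own handler. The account store, function names and responses are constructed for illustration and do not model Skype for Business.

```python
import hashlib
import hmac
import os

def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 1000)

# Constructed sample account store: username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy record so unknown usernames cost the same hashing work as real ones.
_DUMMY = (os.urandom(16), os.urandom(32))

def login_leaky(user, pw):
    """Enumerable: the reply differs depending on whether the user exists."""
    if user not in USERS:
        return 404, "unknown user"
    salt, stored = USERS[user]
    if hmac.compare_digest(_hash(pw, salt), stored):
        return 200, "ok"
    return 401, "wrong password"

def login_uniform(user, pw):
    """Hardened: same status, body and hashing work for every failure."""
    salt, stored = USERS.get(user, _DUMMY)
    matches = hmac.compare_digest(_hash(pw, salt), stored)
    ok = matches and user in USERS
    return (200, "ok") if ok else (401, "invalid credentials")

def leaks_user_existence(login, known_user):
    """Self-check: does a failed login reveal that known_user exists?"""
    probe_pw = "not-the-password-" + os.urandom(4).hex()
    missing = "no-such-user-" + os.urandom(4).hex()
    # Any difference between the two failure replies is an enumeration oracle.
    return login(known_user, probe_pw) != login(missing, probe_pw)

if __name__ == "__main__":
    for fn in (login_leaky, login_uniform):
        print(fn.__name__, "leaks:", leaks_user_existence(fn, "alice"))
```

The self-check only compares status and body; response timing, lockout behaviour and password-reset or registration flows can leak the same information and need the same comparison.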