Vulnerabilities > CVE-2023-23397 - Authentication Bypass by Capture-replay vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Microsoft Outlook Elevation of Privilege Vulnerability
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Session Sidejacking Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
- Reusing Session IDs (aka Session Replay) This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
- Man in the Middle Attack This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.
Related news
- Critical Microsoft Outlook bug PoC shows how easy it is to exploit (source)
- Microsoft shares tips on detecting Outlook zero-day exploitation (source)
- Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers (source)
- Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (source)
- Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324) (source)
- Why Microsoft just patched a patch that squashed an under-attack Outlook bug (source)
- Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws (source)
- Russian hackers exploiting Outlook bug to hijack Exchange accounts (source)
- Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) (source)
- Fancy Bear goes phishing in US, European high-value networks (source)
- December 2023 Patch Tuesday: 33 fixes to wind the year down (source)
- Poland says Russian military hackers target its govt networks (source)