Achieving Passive User Enumeration with OneDrive

1 · trustedsec · Feb. 18, 2020, 2:19 p.m.
This post was written by @nyxgeek Microsoft recently fixed a beloved user enumeration vulnerability in Office 365 that I routinely used to gain valid credentials for the last couple of years (https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/). Microsoft still hasn’t changed its official stance on user-enumeration-as-a-bug (they say it’s NOT a problem), and the company opted to fix this latest... The post Achieving Passive User Enumeration with OneDrive appeared first o...