Sahad Nk, a bug bounty hunter from India who works for SafetyDetective, a cybersecurity firm, has received a reward from Microsoft for uncovering and reporting a series of critical vulnerabilities in Microsoft accounts.
The vulnerabilities affected users’ Microsoft accounts across services, from MS Office files to Outlook emails, which means that all kinds of accounts (over 400 million) and all sorts of data were susceptible to hacking. Chained together, the bugs would become the perfect attack vector for acquiring access to a user’s Microsoft account; all the attacker required was to get the user to click on a link.
According to Sahad Nk’s blog post, a Microsoft subdomain, “success.office.com,” was not configured properly, which is why he was able to take control of it through its CNAME record. A CNAME is a canonical name record that aliases one domain name to another. Using the CNAME record, Sahad was able to identify the misconfigured subdomain and point it to his personal Azure instance, gaining control of the subdomain and all the data it received.
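The defensive counterpart to the misconfiguration described above is a periodic audit of your own zone for CNAME records whose cloud-hosted target no longer exists. The following is an added example (not code from Sahad Nk’s write-up or from Microsoft) that flags such dangling records; the suffix watch list, the sample zone and the stub resolver are constructed for illustration.

```python
"""Flag dangling CNAMEs: records whose target is a cloud hostname that no longer resolves."""
import socket
from typing import Callable, Dict, List, Tuple

# Constructed, illustrative list of provider suffixes where an unclaimed hostname can be
# registered by any tenant; extend it for the providers your own zone points at.
TAKEOVER_PRONE_SUFFIXES = (".azurewebsites.net", ".cloudapp.azure.com", ".trafficmanager.net")

def normalize(host: str) -> str:
    """Drop the trailing dot of a fully-qualified name and lowercase it."""
    return host.rstrip(".").lower()

def is_takeover_prone(target: str) -> bool:
    """True when the CNAME target lives under a suffix on the watch list."""
    return any(normalize(target).endswith(suffix) for suffix in TAKEOVER_PRONE_SUFFIXES)

def find_dangling_cnames(records: Dict[str, str],
                         resolves: Callable[[str], bool]) -> List[Tuple[str, str]]:
    """Return (subdomain, target) pairs whose target is takeover-prone and does not resolve.
    `records` maps subdomain -> CNAME target; `resolves` says whether a target still exists."""
    return [(normalize(name), normalize(target))
            for name, target in sorted(records.items())
            if is_takeover_prone(target) and not resolves(normalize(target))]

def dns_resolves(host: str) -> bool:
    """Live resolver for production use (not exercised by the sample run below)."""
    try:
        socket.gethostbyname(host)
        return True
    except OSError:
        return False

# Constructed sample zone; names are illustrative, not Microsoft's real records.
SAMPLE_CNAMES = {
    "success.example.com.": "example-success.azurewebsites.net.",  # target was deleted
    "www.example.com.": "example-www.azurewebsites.net.",           # still claimed
    "docs.example.com.": "example.github.io.",                      # not on the watch list
}
# Constructed stand-in for DNS: only these targets still exist.
LIVE_TARGETS = {"example-www.azurewebsites.net", "example.github.io"}

def sample_resolver(host: str) -> bool:
    return normalize(host) in LIVE_TARGETS

if __name__ == "__main__":
    for name, target in find_dangling_cnames(SAMPLE_CNAMES, sample_resolver):
        print(f"DANGLING: {name} -> {target}")  # success.example.com -> example-success.azurewebsites.net
```

In production, feed the function your zone's CNAME export and pass `dns_resolves` (or a resolver library of your choice) in place of the stub.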