CVE-2022-2076

by Fred · Published 14/06/2022 · Updated 14/06/2022

A vulnerability has been found in Microsoft 365 and classified as critical. The session cookies introduce a session expiration issue as they might be used by two clients at the same time. The attack can be initiated remotely. Exploit details have been disclosed to the public. The real-world consequences of this vulnerability are still doubted at the moment. It is recommended to change the configuration settings. NOTE: Vendor claims that pre-requisites are very high, the feature works as intended, and that configuration settings might mitigate the issue.

Date published : 2022-06-14

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation

https://github.com/sixgroup-security/Advisories/tree/main/20211209_Missing-Session-Hijacking-Protection-in-Microsoft-O365

CVE-2022-2076

Related

Recent Posts

Categories

Latest CWE

CVE-2022-2076

Share this:

Related

Recent Posts

Categories

Tags

Latest CWE