
Microsoft API Flaws Exposed Emails, Passwords; Patched Now

Last updated January 10, 2025. Written by: Writer

Seattle, January 3, 2025 - Microsoft API flaws in Dynamics 365 and Power Apps exposed emails and passwords. Patches are now available; users are urged to secure their systems.

Critical vulnerabilities in Microsoft’s Dynamics 365 and Power Apps APIs left millions of sensitive data records, including emails and password hashes, exposed to potential attackers. Discovered by Stratus Security, these now-patched flaws highlighted major gaps in API access controls.

The vulnerabilities affected the OData Web API Filter and FetchXML API. Attackers could exploit these weaknesses to access restricted data, bypassing security measures. For example, one flaw allowed sequential character-based guessing to extract entire password hashes. Another enabled unauthorized access to primary email addresses through manipulated queries.

Stratus Security emphasized the severity of the risks. This discovery has heightened concerns about API security, especially in tools widely used for business operations.

Microsoft acted swiftly, patching the vulnerabilities by May 2024. Users are urged to update their systems immediately and review access configurations to prevent future risks.

Businesses using Dynamics 365 and Power Apps should prioritize patching and consider additional monitoring.
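For the additional monitoring suggested above, the sketch below flags the sequential character-based guessing described earlier by scanning API request logs for `$filter` values on restricted columns that grow one character at a time. It is an added example, not code from Microsoft or Stratus Security; the log format, column names, paths and addresses are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: placeholder names for columns the deployment treats as restricted.
RESTRICTED = {"passwordhash_placeholder", "email_placeholder"}
# OData startswith(field,'literal') turns a $filter into a yes/no test on a prefix.
PROBE = re.compile(r"startswith\(\s*([\w.]+)\s*,\s*'([^']*)'\s*\)", re.I)

def parse_line(line):
    """Constructed log format '<client> <method> <url>' -> (client, [(field, literal)])."""
    client, _method, url = line.split(" ", 2)
    # parse_qs percent-decodes names and values, so %24filter is handled too.
    filters = parse_qs(urlsplit(url).query).get("$filter", [])
    return client, [(f.lower(), lit) for expr in filters for f, lit in PROBE.findall(expr)]

def find_guessing(lines, min_chain=4):
    """Flag clients whose prefixes on a restricted column grow one character at a time."""
    seen = defaultdict(set)
    for line in lines:
        client, hits = parse_line(line)
        for field, literal in hits:
            if field in RESTRICTED:
                seen[(client, field)].add(literal)
    alerts = []
    for (client, field), literals in seen.items():
        depth = {}  # literal -> length of the one-character-extension chain ending at it
        for lit in sorted(literals, key=len):
            depth[lit] = depth.get(lit[:-1], 0) + 1 if lit else 0
        chain = max(depth.values(), default=0)
        if chain >= min_chain:
            alerts.append({"client": client, "field": field,
                           "chain": chain, "probes": len(literals)})
    return alerts

# Constructed sample requests (documentation IP ranges, made-up paths and values).
SAMPLE = [
    "192.0.2.10 GET /odata/contacts?$filter=startswith(fullname,'Jo')",
    "203.0.113.4 GET /odata/contacts?$filter=startswith(email_placeholder,'x')",
    "198.51.100.7 GET /odata/contacts?$filter=startswith(passwordhash_placeholder,'b')",
    "198.51.100.7 GET /odata/contacts?$filter=startswith(passwordhash_placeholder,'a')",
    "198.51.100.7 GET /odata/contacts?$filter=startswith(passwordhash_placeholder,'a1')",
    "198.51.100.7 GET /odata/contacts?$filter=startswith(passwordhash_placeholder,'a3')",
    "198.51.100.7 GET /odata/contacts?$filter=startswith(passwordhash_placeholder,'a3f')",
    "198.51.100.7 GET /odata/contacts?%24filter=startswith%28passwordhash_placeholder%2C%27a3f9%27%29",
]

if __name__ == "__main__":
    for alert in find_guessing(SAMPLE):
        print(alert)
```

Tune `min_chain` and the restricted-column list to the environment; ordinary search boxes that filter on non-restricted columns are ignored by design.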

