Benjamin Delby
over there. Accordingly, the login data for Microsoft Azure cloud computing platform in Windows 365 can be read in a few simple steps – and even displayed in plain text. All Delpy needed was a custom version of its password theft tool
mimics.
The expert has thoroughly checked Windows 365
Spoof: the system decrypts the data by itself
Shortly thereafter, it was time: Benjamin Delby was able to use a vulnerability he discovered in May 2021 to retrieve login data for people registered with a terminal server. The problem with this is that the login data is stored in an encrypted form, so it usually doesn’t help. However, Delpy managed to trick the Terminal Services process into decrypting the data itself and making it available in plain text.
Attack only with responsible access
Computer.
Windows 365: Security functionality missing
According to French IT security expert Delpy, only known security measures such as two-factor authentication (2FA), Windows Hello login using fingerprints or facial recognition are appropriate to protect yourself from such attacks. However, these security functions are not yet available in Windows 365. Open to see if that changes in the near future. Microsoft has not commented on the latest findings yet.
“Certified gamer. Problem solver. Internet enthusiast. Twitter scholar. Infuriatingly humble alcohol geek. Tv guru.”