19
In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell (fedia.io)
submitted 5 months ago by harrysintonen@infosec.exchange to c/cybersecurity@fedia.io
4 comments fedilink hide all child comments

In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.

Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:

https://learn.microsoft.com/en-us/purview/technical-reference-details-about-encryption#aes256-cbc-support-for-microsoft-365

#vulnerability #infosec #cybersecurity

you are viewing a single comment's thread
view the rest of the comments
[-] Poach@lemmy.world 1 points 5 months ago

I think you're very misguided if you think Microsoft is the best of the best at anything but driving their customers away. Specifically, power users.

this post was submitted on 29 Nov 2024
19 points (100.0% liked)

Cybersecurity

2 readers
21 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

founded 2 years ago
MODERATORS
shellsharks@fedia.io
tweedge@fedia.io