Harry Sintonen on Nostr: In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) ...
In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.
Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:
https://learn.microsoft.com/en-us/purview/technical-reference-details-about-encryption#aes256-cbc-support-for-microsoft-365
#vulnerability #infosec #cybersecurity
Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:
https://learn.microsoft.com/en-us/purview/technical-reference-details-about-encryption#aes256-cbc-support-for-microsoft-365
#vulnerability #infosec #cybersecurity