Home / exploitsPDF  

Microsoft Exchange Server msExchEcpCanary CSRF / Privilege Escalation

Posted on 24 February 2021

Microsoft Exchange Server has a flaw that exists within the HasValidCanary function inside of the Canary15 class. The issue results in an insecure generation of cross site request forgery tokens that can be used to install an office-addins. An attacker can leverage this vulnerability to escalate privileges to an administrative account.

 

TOP