Microsoft Exchange Server msExchEcpCanary CSRF / Privilege Escalation
Posted on 24 February 2021
Microsoft Exchange Server has a flaw that exists within the HasValidCanary function inside of the Canary15 class. The issue results in an insecure generation of cross site request forgery tokens that can be used to install an office-addins. An attacker can leverage this vulnerability to escalate privileges to an administrative account.
