Dynamics 365 Sandbox Sitemap

BestsellerMagazine.com - CATEGORY News update: TITLE

Another day, another credential found wandering without a leash: Microsoft accidentally left a Dynamics 365 TLS certificate and private key where they could leak, and according to the discoverer, took 100 days to fix the bungle.

Matthias Gliwka, a Stuttgart-based software developer, discovered the slip while working with the cloud version of Redmond's ERP system.

Writing at Medium, Gliwka said the TLS certificate was exposed in the Dynamics 365 sandbox environment, designed for user acceptance testing.

Unlike the development and production servers, the sandbox gives admins RDP access, and “that's where the fun begins”.

Access from any sandbox environment yields “ a valid TLS certificate for the common name *.sandbox.operations.dynamics.com and the corresponding private key — by the courtesy of Microsoft IT SSL SHA2 CA!”.

With the certificate (which can be exported with fairly basic tools) and the private key, Gliwka said that any man-in-the-middle can see user communications in the clear, and can modify that content without detection.

@msftsecresponse Reported a leaked TLS private key for a cloud product >45 days ago - still no response. Can you take a look? Case #40397

— Matthias Gliwka (@cerebuild) October 4, 2017

Gliwka detailed extensive communications with Microsoft to explain the issue, and after his efforts to get the problem fixed proved fruitless, he contacted German tech freelancer Hanno Böck to get coverage.

Böck tried filing a bug ticket with Mozilla's bug tracker (since browsers track which certificates are trustworthy), and that got Microsoft moving. Gliwka wrote that the hole was plugged on 5 December – quite some time after his original notification to Microsoft on 17 August. ®

​​ BestsellerMagazine.com, sites News largest in the world. News artist, celebrity gossip, celebrity interviews, vent celebrities, photos of celebrities, celebrities.

Source : https://www.theregister.co.uk/2017/12/11/dynamics_365_sandbox_leaked_tls_certificates/

Dynamics 365 sandbox leaked TLS certificates
Microsoft exposed private TLS key for Dynamics 365
Developing Apps for Dynamics 365 for Finance and Operations, Business edition
Microsoft Needed 110 Days to Fix Critical Security Bug After First Ignoring It
TLS private key for Microsoft cloud ERP product leaked
Microsoft readies new Dynamics 365-branded HCM apps, virtual customer service agents
Adobe integrates Microsoft Dynamics 365 with Experience Manager
Microsoft's New Dynamics 365 Combines CRM, ERP In The Cloud, Enticing Channel Partners To Expand Practices
Microsoft Pours LinkedIn Data onto Dynamics 365 for Sales Organizations
[LIMITED STOCK!] Related eBay Products