Japan Vulnerability NotesJVN:61972596JVN#61972596: Online Service Gate vulnerable in Office 365 password management
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.7%
Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users’ passwords. Office 365 users’ passwords are intended to be managed by a system administrator and cannot be obtained by users. OWA Helper and OSG Lite provided by Online Service Gate contain a vulnerability which allows users to obtain their own Office 365 passwords.
Impact
By obtaining a Office 365 password, a user can bypass the restriction of Online Service Gate to use Office 365.
Solution
Update the Software
The developer states that updates are applied automatically. Therefore users are not required to manually apply an update for the product.
Products Affected
Following program provided by all versions of Online Service Gate
- OWA Helper
- OSG Lite
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.7%