CVE-2025-58107

In Microsoft Exchange through 2019, Exchange ActiveSync EAS configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password...

CVE-2025-58107

CVE-2025-58107 affects on-premises Microsoft Exchange environments up to 2019, specifically Exchange ActiveSync (EAS) configurations. The issue is that EAS configs may transmit sensitive data from Samsung mobile devices in cleartext, including the user’s name, email address, device ID, bearer tok...

Active Sync Gateway Connector isn't working with new devices since Update to 10.14 RP4

After upgrading from 10.14 RP3 - 10.14 RP4 any new enrolled device can't access to our Exchange Server via Active Sync Connector. After rebooting XenMobile server during the update process, we observe errors in the RemoteConfigService.log file as follows: Error |...

Multiple Calendars Secure Mail

Question: Can I synchronize multiple calendar or contacts folders using Secure Mail? Answer: You can only synchronize your default calendar folder, contact folder, and tasks folder. There is a third party limitation related to how Active Sync works, on the Microsoft website you can find the...

Opera server breach incident

News Opera server breach incident Share August 26th, 2016 Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and...

Troubleshooting Checklist: Emails are not syncing in Secure Mail, or email folders are not found, or Secure Mail is prompting users for a password multiple times

Do the following: Run the Secure Mail Test troubleshooting tool that finds issues with Active Sync policy configurations. For details, see Secure Mail Test Application. Collect Exchange Server logs. For details, see the Microsoft documentation. Collect Secure Mail logs. In the Secure Mail logs, i...

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the exchange/eas/EasAutoDiscover.java function in the implementation of the Autodiscover component of the Android operating system’s Exchange ActiveSync component is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious acto...

PT-2009-4163 · Microsoft +1 · Exchange Activesync +1

Name of the Vulnerable Software and Affected Versions: Apple iPhone OS versions 1.0 through 2.2.1 iPhone OS for iPod touch versions 1.1 through 2.2.1 Description: The Profiles component, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weake...

PT-2007-6496 · Microsoft · Activesync

Name of the Vulnerable Software and Affected Versions: Microsoft ActiveSync version 4.1 Description: The issue concerns the use of weak encryption, specifically XOR obfuscation with a fixed key, when sending the user's PIN/Password over the USB connection from the host to the device. This might...

Microsoft Active Sync DoS

Corrupted packet to TCP/5679 causes NULL reference...