A string of bugs when chained together created the perfect attack to gain access to someone’s Microsoft account — simply by tricking a user into clicking a link.

Sahad Nk, an India-based bug hunter, discovered that a Microsoft subdomain, “success.office.com,” had not been properly configured, allowing him to take it over. He used a CNAME record, a canonical record used to link one domain to another, to point the unconfigured subdomain to his own Azure

Read More At Article Source | Article Attribution