JVN#61972596
Online Service Gate vulnerable in Office 365 password management
Overview
Online Service Gate contains a vulnerability in Office 365 password management.
Products Affected
Following program provided by all versions of Online Service Gate
- OWA Helper
- OSG Lite
Description
Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users' passwords. Office 365 users' passwords are intended to be managed by a system administrator and cannot be obtained by users. OWA Helper and OSG Lite provided by Online Service Gate contain a vulnerability which allows users to obtain their own Office 365 passwords.
Impact
By obtaining a Office 365 password, a user can bypass the restriction of Online Service Gate to use Office 365.
Solution
Update the Software
The developer states that updates are applied automatically. Therefore users are not required to manually apply an update for the product.
Vendor Status
| Vendor | Link |
| SoftBank Technology, Inc. | Online Service Gate update released (in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-2308 |
| JVN iPedia |
JVNDB-2013-000035 |