Last Updated: 2019-12-27 19:19:55 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
I found a pretty strange request in a University Firewall being sent over and over:
It turns out this is a very cheap way to enumerate Office 365 users: each probe is a single unauthenticated request, so it causes no failed logons or lockouts on the tenant side. If the X-BackEndHttpStatus header in the response is set to 200, the user exists.
If the header is set to 302, the requested user does not exist.
The check is automated in the UhOh365 script: https://github.com/Raikia/UhOh365.
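The oracle described above, as an added example that is not the diary's own code nor UhOh365's: one function classifies a raw HTTP response by its X-BackEndHttpStatus header (200, 302, or undetermined), a live probe feeds real responses into it, and a small detector counts how many distinct addresses each client has probed in firewall or proxy logs, which is the pattern that showed up "over and over" in the university firewall. The autodiscover endpoint URL, the log line format, the sample responses and the 20-address threshold are all assumptions constructed for this example; the page itself only gives the header semantics.

```python
"""Office 365 user enumeration via X-BackEndHttpStatus, plus a log detector.

Added example, not code from the diary or from UhOh365.  Everything marked
"assumption" below is not stated on the page.
"""
import re
from collections import defaultdict
from typing import Dict, Optional, Tuple
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Assumption: the unauthenticated autodiscover path that UhOh365 probes.
AUTODISCOVER = ("https://outlook.office365.com/autodiscover/autodiscover.json"
                "/v1.0/{email}?Protocol=Autodiscoverv1")


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str]]:
    """Split a raw HTTP/1.1 response head into (status, {lower-case name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def user_exists(raw_response: bytes) -> Optional[bool]:
    """The oracle from the diary: X-BackEndHttpStatus 200 means the mailbox
    exists, 302 means it does not.  Anything else (header absent, throttling,
    transport error) is None, so a rate limit is never read as a negative."""
    _, headers = parse_response(raw_response)
    backend = headers.get("x-backendhttpstatus")
    if backend == "200":
        return True
    if backend == "302":
        return False
    return None


def probe(email: str, timeout: float = 10.0) -> Optional[bool]:
    """Live probe (needs network access; not exercised offline).  Rebuilds the
    raw head so the same classifier is applied to real responses."""
    req = Request(AUTODISCOVER.format(email=email), method="GET")
    try:
        with urlopen(req, timeout=timeout) as resp:
            status, reason, hdrs = resp.status, resp.reason, resp.getheaders()
    except HTTPError as err:  # non-2xx outer status still carries headers
        status, reason, hdrs = err.code, err.reason, err.headers.items()
    head = f"HTTP/1.1 {status} {reason}\r\n" + "".join(
        f"{k}: {v}\r\n" for k, v in hdrs) + "\r\n"
    return user_exists(head.encode("iso-8859-1"))


# Constructed responses (assumption: outer status 200 in both cases, only the
# back-end header differs; a throttled reply has no such header at all).
EXISTS_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                   b"X-BackEndHttpStatus: 200\r\n\r\n{}")
MISSING_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                    b"X-BackEndHttpStatus: 302\r\n\r\n{}")
THROTTLED_RESPONSE = b"HTTP/1.1 429 Too Many Requests\r\nRetry-After: 30\r\n\r\n"

# Detection side.  Assumption: log lines of the form "src dst method path".
LOG_RE = re.compile(r"^(?P<src>\S+) \S+ GET "
                    r"/autodiscover/autodiscover\.json/v1\.0/(?P<target>[^?\s]+)")


def enumeration_sources(log_text: str, threshold: int = 20) -> Dict[str, int]:
    """Return {client: distinct addresses probed} for clients at or above the
    threshold.  A real Outlook client autodiscovers a handful of its own
    mailboxes; an enumerator walks through a wordlist of other people's."""
    probed = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            probed[m["src"]].add(m["target"].lower())
    return {src: len(t) for src, t in probed.items() if len(t) >= threshold}


# Constructed log: one host walking 25 guessed addresses, one normal client.
SAMPLE_LOG = "\n".join(
    [f"10.1.2.3 outlook.office365.com GET /autodiscover/autodiscover.json/v1.0/"
     f"user{i}@example.edu?Protocol=Autodiscoverv1" for i in range(25)]
    + ["10.9.9.9 outlook.office365.com GET /autodiscover/autodiscover.json/v1.0/"
       "bob@example.edu?Protocol=Autodiscoverv1",
       "10.9.9.9 outlook.office365.com POST /owa/"])

if __name__ == "__main__":
    print(user_exists(EXISTS_RESPONSE), user_exists(MISSING_RESPONSE),
          user_exists(THROTTLED_RESPONSE))
    print(enumeration_sources(SAMPLE_LOG))
```

The three-valued result matters in practice: a scripted enumerator that treats "no header" as "user does not exist" silently drops every address it guessed while being throttled. On the defensive side, the detector keys on distinct targets per client rather than raw request count, so a busy but legitimate mail client does not trip it.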