Unsubscribe

Thanks, Gary

Sent from my iPhone
> On Mar 20, 2018, at 3:03 AM, Advisories <[email protected]> wrote:
>
> #############################################################
> #
> # COMPASS SECURITY ADVISORY
> # https://www.compass-security.com/research/advisories/
> #
> #############################################################
> #
> # Product: Microsoft Intune [1]
> # Vendor: Microsoft
> # CSNC ID: CSNC-2017-026
> # Subject: Preserved Keychain Entries
> # Risk: Medium
> # Effect: Locally exploitable
> # Author: Stephan Sekula <[email protected]>
> # Date: 31.08.2017
> #
> #############################################################
>
> Introduction:
> -------------
> Define a mobile management strategy that fits the needs of your organization.
> Apply flexible mobile device and app management controls that let employees
> work with the devices and apps they choose while protecting your company
> information. [1]
>
> Compass Security discovered a design weakness in Microsoft Intune's iOS
> Keychain management. This allows users to access company data even after the
> device has been unenrolled.
>
>
> Technical Description
> ---------------------
> If a user's device, which is enrolled with their company's MDM, is
> unenrolled, their Office access tokens are not removed from the iOS Keychain.
> Furthermore, the respective tokens are not invalidated on the server-side.
> Therefore, if the user reinstalls Office to their device after unenrollment,
> they may again obtain full access to the company's files.
>
>
> Workaround / Fix:
> -----------------
> This issue can be fixed by invalidating the user's access token on the
> server- and client-side. In addition, the Keychain items could also be
> encrypted with a key stored in the app's data directory. Since this key is
> removed with the data directory on uninstallation of the app, this renders
> the Keychain entry useless.
>
>
> Timeline:
> ---------
> 2017-08-22 Discovery by Stephan Sekula
> 2017-09-17 Initial vendor notification
> 2017-09-18 Initial vendor response
> 2017-10-04 Asking vendor for update
> 2017-10-04 Vendor replies that engineers are working on reproducing the issue
> 2017-11-01 Asking vendor for an update
> 2017-11-02 Vendor replies - They are waiting for a partner team to respond
> on the case.
> 2018-01-08 Asking vendor for update - No response
> 2018-02-12 Asking vendor for update - No response
> 2018-03-19 Public disclosure
>
>
> References:
> -----------
> [1] https://www.microsoft.com/en-us/cloud-platform/microsoft-intune
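The following is an added example, not part of the quoted advisory and not Microsoft's or Compass Security's code. It models the two stores the advisory contrasts (a Keychain that survives app removal and an app data directory that is wiped with the app) plus a token server, and runs the enroll / unenroll / reinstall sequence once without the fix and once with it. The token server, the `Device` class, the `simulate` helper and the stdlib-only HMAC-based wrapping (standing in for a platform AEAD such as AES-GCM) are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# --- Toy authenticated encryption (assumption: stands in for a platform AEAD) ---
# HMAC-SHA256 in counter mode for confidentiality, a second HMAC for integrity,
# with domain-separated subkeys. Enough to model "useless without the key".

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag for the given plaintext."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError if the key is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("keychain item does not authenticate under this key")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

# --- Server side: issues tokens and tracks which are still valid (assumption) ---
class TokenServer:
    def __init__(self):
        self.valid = set()

    def issue(self, user: str) -> str:
        token = f"{user}:{secrets.token_hex(8)}"   # constructed sample token
        self.valid.add(token)
        return token

    def revoke(self, token: str) -> None:
        self.valid.discard(token)

    def accepts(self, token: str) -> bool:
        return token in self.valid

# --- Client side: Keychain persists across uninstall, app data dir does not ---
class Device:
    def __init__(self, server: TokenServer, fixed: bool):
        self.server, self.fixed = server, fixed
        self.keychain = {}      # survives app removal (the advisory's observation)
        self.app_dir = None     # None means Office is not installed
        self.issued = None      # kept only so the test can replay the old token

    def install_office(self):
        self.app_dir = {}

    def uninstall_office(self):
        self.app_dir = None     # Keychain deliberately left untouched

    def enroll(self, user: str):
        self.issued = self.server.issue(user)
        if self.fixed:
            key = secrets.token_bytes(32)          # lives only in the app data dir
            self.app_dir["wrap.key"] = key
            self.keychain["office.token"] = wrap(key, self.issued.encode())
        else:
            self.keychain["office.token"] = self.issued.encode()   # stored in clear

    def unenroll(self, client_cleanup: bool = True):
        if self.fixed:
            self.server.revoke(self.issued)                  # server-side invalidation
            if client_cleanup:
                self.keychain.pop("office.token", None)     # client-side removal
        self.uninstall_office()                              # MDM removes the managed app

    def read_token(self):
        blob = self.keychain.get("office.token")
        if blob is None:
            return None
        if not self.fixed:
            return blob.decode()
        key = (self.app_dir or {}).get("wrap.key")
        return unwrap(key, blob).decode() if key else None

def simulate(fixed: bool, client_cleanup: bool = True) -> dict:
    """Enroll, unenroll, reinstall; report what a reinstalled Office can still use."""
    server = TokenServer()
    dev = Device(server, fixed)
    dev.install_office()
    dev.enroll("alice")
    dev.unenroll(client_cleanup)
    dev.install_office()                                     # fresh, empty app data dir
    recovered = dev.read_token()
    return {
        "entry_in_keychain": "office.token" in dev.keychain,
        "token_recoverable": recovered is not None,
        "old_token_accepted": server.accepts(dev.issued),
    }

if __name__ == "__main__":
    print("unfixed:", simulate(False))
    print("fixed:  ", simulate(True))
    print("fixed, keychain cleanup skipped:", simulate(True, client_cleanup=False))
```

The third run shows why the advisory lists the app-directory key as an addition to, not a replacement for, revocation: even when the Keychain entry is never deleted, the wrapped token cannot be recovered after reinstall, and a copy of the original token would still be rejected by the server.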
