CVE-2025-58107
Microsoft · Exchange Server
Microsoft Exchange Server (through 2019) ActiveSync configurations may transmit sensitive user data, including passwords and bearer tokens, in cleartext when communicating with Samsung devices.
Executive summary
Microsoft Exchange on-premises servers may expose sensitive user credentials and authentication tokens in cleartext, creating a high risk of account compromise via network interception.
Vulnerability
This issue involves the insecure transmission of sensitive data via Exchange ActiveSync (EAS). When interacting with Samsung mobile devices, configurations may permit the cleartext transfer of usernames, email addresses, device IDs, bearer tokens, and base64-encoded passwords.
Business impact
With a CVSS score of 7.5, this vulnerability presents a significant risk of credential theft. Attackers positioned on the network could intercept these transmissions to gain unauthorized access to corporate email accounts, leading to sensitive data exposure, business email compromise (BEC), and potential lateral movement within the domain.
Remediation
Immediate Action: Apply the relevant Microsoft security updates for Exchange Server and ensure that all EAS traffic is forced over encrypted channels (HTTPS/TLS), so that no ActiveSync request can be served over plain HTTP.
Proactive Monitoring: Review Exchange logs for unusual login activity from Samsung devices and monitor network traffic for unencrypted ActiveSync headers.
Compensating Controls: Enforce the use of Multi-Factor Authentication (MFA) for all Exchange users to mitigate the risk of stolen passwords being used successfully.
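A log check that implements the monitoring step above, as an added example rather than code from Microsoft or this advisory: it parses W3C-format IIS logs from the Exchange front end and flags ActiveSync requests that arrived on a non-TLS port, where the User=/DeviceId= query values and any Basic-auth header crossed the wire in cleartext. The field names are standard IIS W3C fields; the sample log lines are constructed, and 443 being the site's only TLS binding is an assumption.

```python
# Flag Exchange ActiveSync (EAS) requests that IIS served without TLS. Added
# example, not Microsoft's code: parses W3C-format IIS logs (which Exchange's
# Default Web Site writes) and reports EAS hits on a non-TLS port, where the
# User=/DeviceId= query values and any Basic-auth header crossed the wire in
# cleartext. Assumption: 443 is the site's only TLS binding.
EAS_PATH = "/microsoft-server-activesync"
TLS_PORTS = {443}

def _query_params(query: str) -> dict[str, str]:
    """Split an IIS cs-uri-query value ('a=1&b=2', or '-' for none) into a dict."""
    if query == "-":
        return {}
    return dict(p.split("=", 1) if "=" in p else (p, "") for p in query.split("&"))

def find_cleartext_eas(log_text: str) -> list[dict[str, str]]:
    """Return one record per EAS request that arrived on a non-TLS port."""
    fields: list[str] = []
    findings = []
    for raw in log_text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]        # column names for the rows below
            continue
        if not raw or raw.startswith("#"):  # other W3C directives, blank lines
            continue
        row = dict(zip(fields, raw.split()))
        if row.get("cs-uri-stem", "").lower() != EAS_PATH:
            continue
        port = row.get("s-port", "")
        if port.isdigit() and int(port) in TLS_PORTS:
            continue
        params = _query_params(row.get("cs-uri-query", "-"))
        findings.append({
            "time": f"{row.get('date', '-')} {row.get('time', '-')}",
            "client_ip": row.get("c-ip", "-"),
            "user": params.get("User", row.get("cs-username", "-")),
            "device_type": params.get("DeviceType", "-"),
            "port": port,
        })
    return findings

# Constructed sample log (not a capture from a real server).
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-10-01 08:00:01 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=alice&DeviceId=ABC123&DeviceType=SamsungDevice 443 corp\\alice 10.0.0.20 Android-SAMSUNG-SM-G998 200
2025-10-01 08:00:02 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=bob&DeviceId=DEF456&DeviceType=SamsungDevice 80 corp\\bob 10.0.0.21 Android-SAMSUNG-SM-G998 200
2025-10-01 08:00:03 10.0.0.5 GET /owa/ - 80 - 10.0.0.22 Mozilla/5.0 302
"""

if __name__ == "__main__":
    for f in find_cleartext_eas(SAMPLE_LOG):
        print(f"{f['time']} {f['client_ip']} user={f['user']} device={f['device_type']} port={f['port']}")
```

IIS does not record the Authorization header, so this check flags the cleartext transport rather than the credential itself; pair it with a server-side TLS requirement on the Microsoft-Server-ActiveSync virtual directory so such requests are refused rather than merely logged.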
Exploitation status
Public Exploit Available: false
Analyst recommendation
The exposure of authentication secrets in cleartext is a high-severity configuration and software flaw. We strongly recommend applying the vendor's security updates and verifying that TLS is strictly enforced for all mobile synchronization traffic to protect user credentials.