Microsoft Exchange Autodiscover Credential Harvest for 2026-03-10
Mar 10, 2026
WebExploit
Last Updated: 12:12 UTC
Requests to /Autodiscover/Autodiscover.xml harvest Exchange credentials from Outlook clients that auto-negotiate mail settings. Any host responding to this path can capture NTLM or Basic auth credentials. Also used in ProxyLogon reconnaissance.
CVE References
MITRE ATT&CK
Tactic: Credential Access (TA0006)
Technique: T1114.002 — Remote Email Collection
Observed URIs
/Autodiscover/Autodiscover.xml
Attackers by Country
IP Address : ASN : City/Provider
- 79.124.40.174 : AS49849 mg 2002 : Bulgaria