Microsoft Office 365 web-based e-mail is leaking out IP addresses in e-mails
Digging deeper, the report reveals that the webmail application injects the IP address below the email’s “x-originating-IP” header. Interestingly, the report also noted that this is not really a bug but an enterprise-level feature.
An online report has been published in an amazing release about the web version of the Microsoft Office 365 email. The report reveals that the Office 365 Web App is leaking its users’ IP addresses via email. Apparently, the app is injecting local IP addresses of users inside email under the additional heading. The report highlighted that Office 365 is the only webmail service that injects local IP addresses into emails. It even went ahead to confirm it by checking the webmail interfaces of Outlook.com, AOL, Yahoo, Gmail and Office 365.
Microsoft Office 365 Webmail IP Exposing Details :
According to an extensive report by Bleeping Computer, Office 365 webmail users are publishing their IP addresses via email. Microsoft Office 365 does not notify its users. To Digging deeper, the report reveals that the webmail application injects the IP address below the email’s “x-enthusiast-IP” header. Interestingly, the report also noted that this is not actually a bug but an enterprise-level feature. The report revealed that Microsoft removed the title from the Hotmail in 2013. The “X-Originating-IP” tag appeared in the official customer version of Hotmail before 2013. Microsoft has made it clear that it has removed this tag to improve “online safety and security of its users”.