Download PDF

Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.

Was this topic helpful?

Yes No

Thank you for your feedback. Can we contact you to ask follow up questions?

How can we improve?

Need more help?

Set up decryption on an MS Exchange server

SSL decryption is a powerful tool for increasing visibility into your network. The MS Exchange vulnerability, CVE-2021-26855, presents a compelling reason to set up decryption on Exchange servers. This vulnerability enables attackers to conduct server-side request forgery (SSRF) attacks by sending tailored HTTP requests over unauthenticated connections. These requests are usually encrypted over HTTPS, so the only way to know if a request contains those tailored instructions is to decrypt the HTTPS payloads.

By installing a session key forwarder on your Exchange server, you can ensure that ExtraHop can decrypt Exchange traffic safely. Because CVE-2021-26855 was exploited over HTTPS, we recommend that you specifically decrypt HTTP traffic by following the instructions in the following section: Add a global port to protocol mapping.

Learn more about SSL/TLS decryption.

Last modified 2024-04-01

Documentation

Products

Differentiation

Solutions

Security Operations

Cloud-Native Security

Application Analytics

Network Performance

Customers

Community

Partners

Support

Training

Resources

More Resources

Company

Events and Information

Set up decryption on an MS Exchange server