cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
adrien_c
Level: Power Up

Log out doesn't log out : spy account, read mails, see OneDrive's file in another account than yours

To reproduce this bug, you will need 2 accounts in the same Office 365 tenant, and Firefox or Chrome (I didn't test it on Edge).

0) Go to office.com in your browser

1) Log in with account 1.

2) Open Outlook in one tab, OneDrive in a second tab.

3) In your onedrive tab, log out. You will meet the message : "it's a good idea to close all browser windows". Don't close it for now.

4) Still in the onedrive tab, press the back button of your browser or enter the address : "office.com"

5) Log in with account 2

6) From now on, if you try to open Outlook, you will open Outlook of account 1, and if you want to open OneDrive, you will open OneDrive of your account 2.

7) Return to your first tab, where you still have Outlook account 1. Refresh the page, open mails, search for mails, send an email : you are really still connected under account 1. You can spy on the mail of account 1 freely.

8) Try to open OneDrive or Outlook from any tab : you will always have this combination : Outlook with account 1, OneDrive with account 2.

9) Close the Outlook tab. Open a new tab and go directly to outlook.office365.com, or open Outloog in a new tab from the menu of your OneDrive tab account 2 : you will access to Outlook of account 1.

 

The problem remains almost identical when you close all browser windows : in a clear-from-all-data-browser, do :

1) Log in on office.com

2) Log off.

3) Close tab and close window, as said by Office after the supposed log out

4) Re-open your browser.

5) Go to office.com : you are logged in without being prompted for any password ! (you have never been effectively logged out)

 

Works, of course, with an administrator account too.

Infact, as an administrator, I can't really log out : I can try whatever I want to log out, click the log out button, close the tab, close the window... when I reopen my browser, and go to office.com, I reconnect automatically to the admin portal with being prompted for my password.

 

 

Problem solved only when you use Office.com in a private window of your browser. The problem doesn't seem to be reproducible if you log in with an account of two different Office 365 tenant (account 1 in tenant A, account 2 in tenant B) : when you try to log in with account 2 of tenant 2 in the OneDrive tab, you are blocked and asked to disconnect from all accounts.

 

Please fix this identification/log-out problem : it's a very critical problem to be able to view the emails of another account in the same browser (think : malevolent employee, spying boss, or public internet computer).

1 REPLY 1
Community Support Team
Community Support Team

Re: Log out doesn't log out : spy account, read mails, see OneDrive's file in another account than y

Hi @adrien_c,

 

I made some tests using Chrome, the issue you mentioned could not be reproduced by me.

I have made the following test. Go to office.com on Chrome, log in with Account1. Open Outlook in one tab, OneDrive in a second tab. Then log out OneDrive, the message you mentioned didn’t occur.

Once I logged out, I was asked to Pick an account to sigh out. Then I chose the account and a message “You’re signed out of Office 365” returned.

Please try to clear your browser cache and try again.

I am always using Edge and the issue you mentioned have never happened before. Please take a try with it.

Please let me know if you are still having the issue.

 

Best regards,

Mabel

Community Support Team _ Mabel Mao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
firstImage

Microsoft Business Applications Virtual Launch Event

Join us for an in-depth look at the new innovations across Dynamics 365 and the Microsoft Power Platform.

firstImage

Watch Sessions On Demand!

Continue your learning in our online communities.

Power Platform 2019 Release Wave 2 Plan

Power Platform 2019 Release Wave 2 Plan

Features releasing from October 2019 through March 2020

thirdimage

Flow Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

fifthimage

Microsoft Learn

Learn how to build the business apps that you need

sixthImage

Power Platform World Tour

Find out where you can attend!

seventhimage

Webinars & Video Gallery

Watch & learn from the Flow Community Video Gallery!

Users Online
Currently online: 81 members 4,605 guests
Please welcome our newest community members: