Autodiscovering the Great Leak

Autodiscover, a protocol used by Microsoft Exchange for automatic configuration of clients such as Microsoft Outlook, has a design flaw that causes the protocol to “leak” web requests to Autodiscover domains outside of the user’s domain but in the same TLD. This is a severe security issue, since if an attacker can control such domains or has the ability to “sniff” traffic in the same network, they can capture domain credentials in plain text that are being transferred over the wire.
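
A defender-side check for the leak described above, as an added example that is not from the original article: it scans web-proxy log lines for requests to `autodiscover.` hosts that fall outside the organisation's own domain and marks those sent over plain HTTP. The log format, the reserved `.example` and `.test` host names, `OWN_DOMAINS` and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OWN_DOMAINS = {"corp.example"}  # assumption: the organisation's mail domain(s)

# Constructed proxy log lines in the form "<client> <method> <url>".
SAMPLE_LOG = """\
10.0.0.5 POST https://autodiscover.corp.example/autodiscover/autodiscover.xml
10.0.0.5 POST https://corp.example/autodiscover/autodiscover.xml
10.0.0.7 POST http://autodiscover.example/autodiscover/autodiscover.xml
10.0.0.8 POST https://Autodiscover.Other.EXAMPLE./autodiscover/autodiscover.xml
10.0.0.9 POST https://autodiscover.partner.test/autodiscover/autodiscover.xml
10.0.0.9 GET https://www.corp.example/index.html
malformed line
"""

def in_own_domain(host):
    """True if host equals, or is a subdomain of, one of OWN_DOMAINS."""
    return any(host == d or host.endswith("." + d) for d in OWN_DOMAINS)

def classify(host):
    """Return 'leak' for an autodiscover.* host outside OWN_DOMAINS but in the
    same TLD, 'external' for one in a different TLD, otherwise None."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    if labels[0] != "autodiscover" or in_own_domain(host):
        return None
    # Naive TLD = last label; multi-label suffixes (co.uk) need a suffix list.
    own_tlds = {d.rsplit(".", 1)[-1] for d in OWN_DOMAINS}
    return "leak" if labels[-1] in own_tlds else "external"

def find_leaks(log_text):
    """Return (client, host, plaintext_http, verdict) per suspicious request."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the expected format
        client, _method, raw_url = parts
        url = urlsplit(raw_url)
        if not url.hostname:
            continue
        verdict = classify(url.hostname)
        if verdict:
            findings.append((client, url.hostname.rstrip("."), url.scheme == "http", verdict))
    return findings

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_LOG):
        print(finding)
```

Any `leak` finding means a client sent an Autodiscover request outside the organisation's domain; a `True` in the third field means it went over unencrypted HTTP.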