Full Disclosure mailing list archives
Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
From: William Reyor <opticfiber () gmail com>
Date: Tue, 25 Oct 2011 18:36:42 -0400
Still possible when SSL connections are enforced?

On Oct 25, 2011, at 4:47 PM, Darren McDonald <athena () dmcdonald net> wrote:

> On 25 October 2011 19:26, information security <informationhacker08 () gmail com> wrote:
>> #Product Outlook Web Access 8.2.254.0
>> #Vulnerability SideJacking is the process of sniffing web cookies, then replaying them to clone another user's web session. Using a cloned web session, the jacker can exploit the victim's previously-established site access
>
> Wait, you're saying if someone gets the session token, they get access to the session! Oh my god, why didn't I see it before? We're so screwed, almost every web application I've ever used, written, or tested is vulnerable to this issue. Quick, close down the internet before it's too late!
>
> Renski
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/