Full Disclosure mailing list archives

Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability


From: William Reyor <opticfiber () gmail com>
Date: Tue, 25 Oct 2011 18:36:42 -0400

Still possible when SSL connections are enforced?

On Oct 25, 2011, at 4:47 PM, Darren McDonald <athena () dmcdonald net> wrote:

On 25 October 2011 19:26, information security
<informationhacker08 () gmail com> wrote:

#Product  Outlook Web Access 8.2.254.0


#Vulnerability
SideJacking is the process of sniffing web cookies, then replaying them to
clone another user's web session. Using a cloned web session, the jacker can
exploit the victim's previously-established site access.


Wait, you're saying if someone gets the session token, they get access
to the session! Oh my god, why didn't I see it before? We're so
screwed, almost every web application I've ever used, written, or
tested is vulnerable to this issue. Quick, close down the internet
before it's too late!

Renski

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
