Full Disclosure mailing list archives
Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
From: Darren McDonald <athena () dmcdonald net>
Date: Wed, 26 Oct 2011 00:42:14 +0100
On 25 October 2011 23:36, William Reyor <opticfiber () gmail com> wrote:
Still possible when ssl connections are enforced?
Yes, because if an attacker is able read your system's memory then they will be able to decrypt your SSL traffic by using your symmetric encryption keys. I call this the encryption key sidejacking attack. Renski _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability information security (Oct 25)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability William Reyor (Oct 25)
- Message not available
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability William Reyor (Oct 25)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)
- Message not available
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability William Reyor (Oct 26)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability information security (Oct 27)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability William Reyor (Oct 25)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)