Full Disclosure mailing list archives

Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability

From: William Reyor <opticfiber () gmail com>
Date: Tue, 25 Oct 2011 19:50:31 -0400

That's my point, if a connection can only be established via SSL how can some one sidejack without either degrading the 
connection, or having physical access to the machine.

In all modern instances I've seen owa deployed, it requires SSL out of the box.

On Oct 25, 2011, at 7:45 PM, Darren McDonald <darren () dmcdonald net> wrote:

On 26 October 2011 00:30, William Reyor <opticfiber () gmail com> wrote:

How would a remote attacker be able to read my systems memory?


... how would someone gain access to your session token?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability information security (Oct 25)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)
  - Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability William Reyor (Oct 25)
    - Message not available
    - Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability William Reyor (Oct 25)
    - Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)
    - Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)
    - Message not available
    - Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability William Reyor (Oct 26)
    - Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)
    - Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability information security (Oct 27)
    - Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability Darren McDonald (Oct 25)
- Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability yersinia (Oct 27)