[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
- To: Darren McDonald <darren@xxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
- From: William Reyor <opticfiber@xxxxxxxxx>
- Date: Tue, 25 Oct 2011 19:50:31 -0400
That's my point, if a connection can only be established via SSL how can some
one sidejack without either degrading the connection, or having physical access
to the machine.
In all modern instances I've seen owa deployed, it requires SSL out of the box.
On Oct 25, 2011, at 7:45 PM, Darren McDonald <darren@xxxxxxxxxxxxx> wrote:
> On 26 October 2011 00:30, William Reyor <opticfiber@xxxxxxxxx> wrote:
>> How would a remote attacker be able to read my systems memory?
>>
>
> ... how would someone gain access to your session token?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/