Windows 10 News and info | Forum
July 28, 2017, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot and Botscout | This forum does not use audio ads, popups, or other annoyances.
 
  Website   Home   Windows 8 Website Windows 8 Forum Help Login Register  
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: New Microsoft Edge vulnerability discovered, leaks password and cookie data  (Read 151 times)
javajolt
Administrator
Hero Member
*****
Online Online

Gender: Male
United States United States

Posts: 26839


I Do Windows


WWW Email
« on: May 12, 2017, 05:36:19 PM »
ReplyReply

Trailing along a number of vulnerabilities across Microsoft’s range of products recently, yet another major security flaw has been discovered. This time by security researcher Manuel Caballero, this latest flaw enables the theft of cookie and password data in Microsoft Edge, Microsoft’s default browser for Windows 10.

Using a series of techniques, cookie data, as well as passwords, can be retrieved for websites, such as Twitter and Facebook. In a video posted on YouTube, Caballero shows how this flaw could be used to access the “private” information:



The issue stems from a flaw in Microsoft Edge’s Same Origin Policy (SOP), which is a security feature that is supposed to stop cookie and password data for one domain being accessed by another. Although, clearly, it isn’t working as it should, as this is the 3rd unpatched flaw discovered recently in this very same feature.

Caballero explains the issue in granular detail on his blog, where it is explained that server redirects, iFrames and data URIs are used to retrieve passwords from sites via the Microsoft Edge browser.

source
Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Google visited last this page July 26, 2017, 10:39:47 AM