Windows 10 News and info | Forum
June 21, 2018, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or Forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: New Microsoft Edge vulnerability discovered, leaks password and cookie data  (Read 304 times)
Hero Member
Online Online

Gender: Male
United States United States

Posts: 28515

I Do Windows

WWW Email
« on: May 12, 2017, 05:36:19 PM »

Trailing along a number of vulnerabilities across Microsoft’s range of products recently, yet another major security flaw has been discovered. This time by security researcher Manuel Caballero, this latest flaw enables the theft of cookie and password data in Microsoft Edge, Microsoft’s default browser for Windows 10.

Using a series of techniques, cookie data, as well as passwords, can be retrieved for websites, such as Twitter and Facebook. In a video posted on YouTube, Caballero shows how this flaw could be used to access the “private” information:

The issue stems from a flaw in Microsoft Edge’s Same Origin Policy (SOP), which is a security feature that is supposed to stop cookie and password data for one domain being accessed by another. Although, clearly, it isn’t working as it should, as this is the 3rd unpatched flaw discovered recently in this very same feature.

Caballero explains the issue in granular detail on his blog, where it is explained that server redirects, iFrames and data URIs are used to retrieve passwords from sites via the Microsoft Edge browser.


Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page April 21, 2018, 04:01:28 AM