Microsoft Edge Vulnerability Allows Cookie and Password Theft



+warwagon
Quote

 

A vulnerability in the Microsoft Edge browser can be exploited and allow an attacker to obtain a user's password and cookie files for various online accounts.

The vulnerability came to light following research by Manuel Caballero, a security expert who has a long history of unearthing Edge [1, 2] and Internet Explorer flaws [1].

 

Caballero's recent discovery is a bypass of the Same Origin Policy (SOP), a browser security feature that prevents website A from loading and executing scripts loaded from website B.

Vulnerability lets attackers bypass Edge's SOP protection

 

This flaw, which Caballero disclosed today in a headache-inducing technical write-up, allows an attacker to load and execute malicious code with the help of data URIs, the meta refresh tag, and domainless pages, such as about:blank.

 

In various variations of the exploitation technique, Caballero showed how an attacker could execute code on high-profile sites just by tricking the victim into accessing a malicious URL.

In three proof-of-concept demos, the researcher executed code on the Bing homepage, tweeted on behalf of another user, and stole the password and cookie files from a Twitter account.

The last attack re-exposed a security flaw in the design of modern browsers, such as an attacker's ability to log out a user, load the login page, and steal the user's credentials that are automatically filled in by the browser's password autofill feature.

 

 

 

 

https://www.bleepingcomputer.com/news/security/microsoft-edge-vulnerability-allows-cookie-and-password-theft/

 

Checked the front page going back to April 21st and didn't see it posted.

  • 2 weeks later...
tompkin

Has anyone seen an estimated time when this might be fixed?

+warwagon
1 hour ago, tompkin said:

Has anyone seen an estimated time when this might be fixed?

 

I don't know, I hadn't heard much coverage about it.
