[Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
William Reyor
opticfiber at gmail.com
Wed Oct 26 00:30:00 BST 2011
How would a remote attacker be able to read my systems memory?
On Oct 25, 2011, at 7:28 PM, Darren McDonald <darren at dmcdonald.net> wrote:
> On 25 October 2011 23:36, William Reyor <opticfiber at gmail.com> wrote:
>> Still possible when ssl connections are enforced?
>>
>
> Yes, because if an attacker is able read your system's memory then
> they will be able to decrypt your SSL traffic by using your symmetric
> encryption keys. I call this the encryption key sidejacking attack.
>
> Renski
Full-Disclosure is hosted and sponsored by Secunia.