{"id":16773,"date":"2017-05-16T13:03:13","date_gmt":"2017-05-16T18:03:13","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=16773"},"modified":"2017-05-16T13:03:13","modified_gmt":"2017-05-16T18:03:13","slug":"edge-security-flaw-allows-theft-of-facebook-and-twitter-credentials","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=16773","title":{"rendered":"Edge Security Flaw Allows Theft of Facebook and Twitter Credentials"},"content":{"rendered":"<blockquote><p>To exploit the flaw, Caballero says that an attacker can use server redirect requests combined with data URIs, which would allow him to confuse Edge&#8217;s SOP filter and load unauthorized resources on sensitive domains. The expert <a href=\"http:\/\/www.brokenbrowser.com\/sop-bypass-uxss-stealing-credentials-pretty-fast\/\" target=\"_blank\" rel=\"nofollow\">explains the attack<\/a> step by step on his blog.<\/p>\n<p>In the end, the attacker will be able to inject a password form on another domain, which the built-in Edge password manager will automatically fill in with the user&#8217;s credentials for that domain. Below is a video of the attack.<\/p><\/blockquote>\n<p>Source: <em><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/edge-security-flaw-allows-theft-of-facebook-and-twitter-credentials\/\">Edge Security Flaw Allows Theft of Facebook and Twitter Credentials<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To exploit the flaw, Caballero says that an attacker can use server redirect requests combined with data URIs, which would allow him to confuse Edge&#8217;s SOP filter and load unauthorized resources on sensitive domains. The expert explains the attack step &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=16773\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35],"tags":[1125,50,698,655],"class_list":["post-16773","post","type-post","status-publish","format-standard","hentry","category-operating-systems","tag-exploit-vector","tag-microsoft","tag-security-research","tag-web-browsers"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/16773","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16773"}],"version-history":[{"count":1,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/16773\/revisions"}],"predecessor-version":[{"id":16774,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/16773\/revisions\/16774"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16773"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}