Outlook.com cookie hijacking issue


Exterminator

Oct 23, 2012
Users of outlook.com or hotmail.com, Microsoft’s two email services, should take note now. Information is stored in cookies when you use the site, including whether you have successfully authorized your account or not. If the information is available, you can open and close both services without having to log in again to one of them. That’s great as it is comfortable, but also problematic as it means that someone else can copy that cookie from your system to access your email account online without re-authorization.

What makes this particularly worrying is that logging out of the services does not invalidate the session information stored in the cookie. If someone exports the cookie when the session is still active, it continues to work after the user logged out on the PC and invalidated the session information saved to the cookie.

Here is a – silent – demo video that demonstrates how this works.


Read More Here
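
The logout behaviour described in the post, modelled as an added example that is not part of the original post and is not Microsoft's code: a server whose logout only affects the browser keeps accepting a previously copied cookie, while one that deletes the server-side session record rejects it. The `SessionStore` class, its method names and the user `alice` are hypothetical, and `revoke_all` goes slightly beyond the post to show a "sign out everywhere" control.

```python
import secrets


class SessionStore:
    """In-memory stand-in for a server-side session table (hypothetical)."""

    def __init__(self, revoke_on_logout):
        self.revoke_on_logout = revoke_on_logout
        self._sessions = {}  # session token -> username

    def login(self, username):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token  # value the browser stores in its session cookie

    def logout(self, token):
        # Weak mode: the browser forgets its cookie, but the server keeps
        # honouring the token, which is the behaviour the post describes.
        if self.revoke_on_logout:
            self._sessions.pop(token, None)  # hardened: drop the server record

    def revoke_all(self, username):
        """Drop every session of a user, e.g. after a password change."""
        stale = [t for t, u in self._sessions.items() if u == username]
        for token in stale:
            del self._sessions[token]
        return len(stale)

    def authenticate(self, token):
        """Return the username bound to the token, or None if not accepted."""
        return self._sessions.get(token)


def copied_cookie_survives_logout(store):
    """True if a cookie value copied before logout is still accepted after it."""
    cookie = store.login("alice")  # constructed sample user
    copied = cookie                # copy made while the session was active
    store.logout(cookie)
    return store.authenticate(copied) is not None


if __name__ == "__main__":
    print("cookie-only logout:", copied_cookie_survives_logout(SessionStore(False)))
    print("server-side revoke:", copied_cookie_survives_logout(SessionStore(True)))
```

A regression test for a real service follows the same shape: capture the session cookie, log out, replay the captured value, and require that the request is rejected.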
 