Microsoft Outlook Web Access 'no-store' HTTP Directive Information Disclosure Weakness

IT セキュリティ

MicrosoftのOWAにローカルパソコンの機密情報が出てしまう脆弱性が存在するそうです。

Exloitが動くと端末IEのキャッシュが読まれるそうです。

Microsoft Outlook Web Access is prone to a weakness that may allow sensitive information to be unintentionally stored on the local computer.
To exploit this issue, an attacker would need to exploit another vulnerability. Specifically, the attacker would need to be able to read the victim's cache.

HTTP/1.1のno-cache / no-storeなんかが微妙みたい

Some versions of Outlook Web Access (OWA) may use the no-cache instead of the no-store HTTP 1.1 directive. This results in web browsers caching sensitive information.

screenshot