Vigil@nce - Windows: Man-in-the-middle of WebDAV Client
October 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a Man-in-the-middle between the WebDAV
Client of Windows and its server, in order to read or alter data.
Impacted products: Windows 2008 R0, Windows 2008 R2, Microsoft
Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Creation date: 11/08/2015.
DESCRIPTION OF THE VULNERABILITY
The Windows product offers a WebDAV client.
However, it accepts SSL version sessions.
An attacker can therefore act as a Man-in-the-middle between the
WebDAV Client of Windows and its server, in order to read or alter
data.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-Man-in-the-middle-of-WebDAV-Client-17639