• Natanael@slrpnk.net
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    8 months ago

    I’m tech support so I’ve seen some stuff, sooo many intranet sites on internal servers don’t have HTTPS, almost only the stuff built to be accessible from the outside has it. Anything important with automatic login could be spoofed if the attacker knows the address and protocol (which is likely to leak as soon as the DHCP hijack is applied, as the browser continues to send requests to these intranet sites until it times out). Plaintext session cookies are also really easy to steal this way.

    Chrome has a setting which I bet many orgs have a policy for;

    https://chromeenterprise.google/policies/#OverrideSecurityRestrictionsOnInsecureOrigin

    Of course they should set up TLS terminators in front of anything which doesn’t support TLS directly, but they won’t get that done for everything