MS Edge – HTTP Access Control (CORS) Bypass

This is a short post about a vulnerability that Prakash Sharma from our web app pentesting team, found in Microsoft Edge. TL;DR Edge failed to recognize HTTP Authentication information (i.e. Authorization Header) as credential information…