|
Full Disclosure
mailing list archives
Re: Predefined Post Authentication Session ID Vulnerability
From: Douglas Huff <mith () jrbobdobbs org>
Date: Fri, 13 Jul 2012 13:27:33 -0500
On Jul 13, 2012, at 13:24, Gage Bystrom <themadichib0d () gmail com> wrote:
Well if I understand Tim correctly you wouldn't need a CA. In the attack he mentioned not once do you ever actually
look at the ssl content. He's talking about redirecting them to plain http and then setting the session cookie and
redirecting them back.
You're right. I misread slightly. Same tool would still work just scrap the ca comment. :) _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
