Full Disclosure mailing list archives

Re: GitHub Login Cookie Failure
From: Chris Roussel <lab12 () lavabit com>
Date: Mon, 08 Apr 2013 18:50:45 -0500

On 04/08/2013 04:43 PM, Jeffrey Walton wrote:

> You might also check to see if the session identifier changes between
> sessions. If not, GitHub may be using static session IDs, which means
> they could be guessable.

Well, at least the first 103 (there are 303) characters are static. But
I think that it will take you at least twice the age of the universe to
guess that ID.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
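
The check suggested in this thread, as an added example that is not part of the original messages: a Python sketch that compares session IDs issued to one test account across separate logins and reports the static prefix and how many characters vary. The sample IDs are constructed (103 shared characters out of 303, the figures quoted above), and the 64-symbol alphabet and all function names are assumptions.

```python
import math
import secrets
import string

B64 = string.ascii_letters + string.digits + "-_"  # assumed 64-symbol cookie alphabet

def analyze_session_ids(samples, alphabet_size=len(B64)):
    """Compare IDs issued to one test account across separate logins."""
    if len(samples) < 2:
        raise ValueError("need IDs from at least two separate sessions")
    length = min(len(s) for s in samples)
    # One set of observed characters per position.
    columns = [{s[i] for s in samples} for i in range(length)]
    # Leading characters that never change between sessions.
    static_prefix = 0
    while static_prefix < length and len(columns[static_prefix]) == 1:
        static_prefix += 1
    varying = sum(1 for col in columns if len(col) > 1)
    return {
        "length": length,
        "static_prefix": static_prefix,
        "varying_positions": varying,
        # Optimistic estimate: treats each varying character as uniform and
        # independent. Variation alone does not prove unpredictability.
        "entropy_estimate_bits": varying * math.log2(alphabet_size),
        "reissued_ids": len(samples) - len(set(samples)),
    }

def log10_years_to_search_half(bits, guesses_per_second):
    """log10 of the expected years to hit one ID by blind guessing."""
    seconds_per_year = 365.25 * 24 * 3600
    # Work in logarithms: 2**1199 does not fit in a float.
    return ((bits - 1) * math.log10(2) - math.log10(guesses_per_second)
            - math.log10(seconds_per_year))

def constructed_samples(count=5, static_len=103, total_len=303):
    """Constructed stand-ins for captured cookies: shared prefix, random tail."""
    prefix = "A" * static_len
    tail_len = total_len - static_len
    return [prefix + "".join(secrets.choice(B64) for _ in range(tail_len))
            for _ in range(count)]

if __name__ == "__main__":
    report = analyze_session_ids(constructed_samples())
    print(report)
    print("log10(years) at 1e9 guesses/s: %.1f"
          % log10_years_to_search_half(report["entropy_estimate_bits"], 1e9))
```

A nonzero `reissued_ids` or a small `varying_positions` count is the finding to follow up on; a long varying tail only rules out the static-ID case.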
