Re: GitHub Login Cookie Failure
From: Chris Roussel <lab12 () lavabit com>
Date: Mon, 08 Apr 2013 18:50:45 -0500
On 04/08/2013 04:43 PM, Jeffrey Walton wrote:
> You might also check to see if the session identifier changes between
> sessions. If not, GitHub may be using static session IDs, which means
> they could be guessable.

Well, at least the first 103 (there are 303) characters are static. But
I think that it will take you at least twice the age of the universe to
guess that ID.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
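
The check discussed in this thread (does the session ID change between sessions, and how much is left to guess once the static part is known) can be run over session IDs collected from your own application. The following is an added example, not part of the original thread; only the 103 and 303 character counts come from the message, while the sample IDs, their alphabet and the guess rate are constructed assumptions.

```python
import math
import random
import string

def static_prefix_len(samples):
    """Number of leading characters identical across every sampled ID."""
    n = 0
    for column in zip(*samples):
        if len(set(column)) != 1:
            break
        n += 1
    return n

def variable_bits_upper_bound(samples):
    """Upper bound, in bits, on the entropy of the part after the prefix.

    Assumes every variable character is independent and uniform over the
    alphabet seen in the samples; structured tokens carry less than this.
    """
    prefix = static_prefix_len(samples)
    tails = [s[prefix:] for s in samples]
    alphabet = set("".join(tails))
    if len(alphabet) < 2:
        return 0.0  # nothing varies: the ID is fully static
    return min(len(t) for t in tails) * math.log2(len(alphabet))

def log10_years_to_guess(bits, guesses_per_second):
    """log10 of the expected years to hit one ID (half the space searched).

    Computed in log space because 2**bits overflows a float past 1024 bits.
    """
    seconds_per_year = 365.25 * 24 * 3600
    return ((bits - 1) * math.log10(2)
            - math.log10(guesses_per_second)
            - math.log10(seconds_per_year))

# Constructed samples (not real cookies): 103 fixed + 200 varying characters.
# Seeded PRNG is for reproducible sample data only, never for real tokens.
_rng = random.Random(2013)
ALPHABET = string.ascii_letters + string.digits  # assumed alphabet
SAMPLES = ["A" * 103 + "".join(_rng.choice(ALPHABET) for _ in range(200))
           for _ in range(20)]

if __name__ == "__main__":
    bits = variable_bits_upper_bound(SAMPLES)
    print("static prefix:", static_prefix_len(SAMPLES))
    print("variable part: <= %.0f bits" % bits)
    print("log10(years) at 1e12 guesses/s: %.1f" % log10_years_to_guess(bits, 1e12))
```

The figure is an upper bound: it holds only if the varying characters come from a cryptographically secure generator, which character counts alone cannot show.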