Vulnerability Development
mailing list archives
Re: Cookies
From: Kev <klmitch () MIT EDU>
Date: Tue, 8 Aug 2000 14:23:17 -0400
In an HTTP application: not with a buffer overflow, but yes, to get at
application privileges.
. Most often, the cookie is used to remember the login with which you
authenticated. Change that cookie and you are someone else :-( !
. Other times, that cookie is used to remember which part of the web site
you may access: change that cookie and you may access anywhere :-( !
Often the cookie is obfuscated with a pseudo-cryptographic algorithm à la
xor using a short fixed-length key.
In one Web-accessible application I wrote, I did indeed put the authentication
information in a cookie, but I also put an MD5 hash of the contents of the
cookie appended to a secret that I placed in a configuration file, to prevent
this very security problem. I'm curious, though, if anyone can point out
any problems with this approach?
--
Kevin L. Mitchell <klmitch () mit edu>
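As an added illustration (my code, not from the thread), here is the cookie scheme the post describes, MD5 over the cookie contents with the secret appended, next to the HMAC construction that is the standard way to key a hash today. The field names, cookie layout and the SECRET value are constructed placeholders; the post only says the secret lives in a configuration file.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed placeholder: the post keeps this in a configuration file.
SECRET = b"replace-with-a-long-random-secret-from-config"


def _tag(data: bytes, use_hmac: bool) -> str:
    """Authentication tag for the cookie body."""
    if use_hmac:
        # Standard keyed construction (HMAC-SHA256) for comparison.
        return hmac.new(SECRET, data, hashlib.sha256).hexdigest()
    # The post's construction: MD5(cookie contents + secret).
    return hashlib.md5(data + SECRET).hexdigest()


def make_cookie(fields: dict, use_hmac: bool = False) -> str:
    """Serialise the authentication fields and append their tag.
    Keys are sorted so the same fields always sign the same bytes."""
    data = urlencode(sorted(fields.items()))
    return f"{data}&sig={_tag(data.encode(), use_hmac)}"


def check_cookie(cookie: str, use_hmac: bool = False):
    """Return the fields if the tag verifies, else None.
    A client that edits 'user=alice' to 'user=admin' no longer matches."""
    data, sep, tag = cookie.rpartition("&sig=")
    if not sep:
        return None  # no tag at all
    expected = _tag(data.encode(), use_hmac)
    # Constant-time comparison on bytes: works for any client-supplied
    # string and does not leak how many tag characters matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return {k: v[0] for k, v in parse_qs(data).items()}


if __name__ == "__main__":
    c = make_cookie({"user": "alice", "role": "member"})
    print("valid   :", check_cookie(c))
    print("tampered:", check_cookie(c.replace("user=alice", "user=admin")))
```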