<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

WebApp Sec: ColdFusion - CFID & CFTOKEN

ColdFusion - CFID & CFTOKEN

From: Jason binger <cisspstudy_at_yahoo.com>
Date: Mon, 11 Apr 2005 17:48:44 -0700 (PDT)

I am currently doing some work with CF MX 6.1 and was
wondering if anyone had some information on the
strength of the CF cookie implementation.

How random the token generation is? How is the
generation performed?
What is the range of the generated tokens?
Has an independent security analysis been performed
and commented on in a public paper?

I have not seen any vendor supplied information on
this.

Cheers,
Jason

__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
Received on Apr 13 2005

This message: [ Message body ]
Next message: Jason binger: "User ID generation"
Previous message: James.Barkley_at_noaa.gov: "Re: keyloggers? - dont doit"
Next in thread: Andrew van der Stock: "RE: ColdFusion - CFID & CFTOKEN"
Reply: Andrew van der Stock: "RE: ColdFusion - CFID & CFTOKEN"
Reply: Rogan Dawes: "Re: ColdFusion - CFID & CFTOKEN"
Reply: Amit Klein (AKsecurity): "Re: ColdFusion - CFID & CFTOKEN"
Reply: ron thigpen: "Re: ColdFusion - CFID & CFTOKEN"
Reply: ron thigpen: "Re: ColdFusion - CFID & CFTOKEN"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]