Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: ColdFusion - CFID & CFTOKEN

Re: ColdFusion - CFID & CFTOKEN

From: Amit Klein (AKsecurity) <aksecurity_at_hotpop.com>
Date: Sun, 17 Apr 2005 14:27:57 +0200

On 11 Apr 2005 at 17:48, Jason binger wrote:

> I am currently doing some work with CF MX 6.1 and was
> wondering if anyone had some information on the
> strength of the CF cookie implementation.
>
> How random the token generation is? How is the
> generation performed?
> What is the range of the generated tokens?
> Has an independent security analysis been performed
> and commented on in a public paper?
>

Well, I did research all this awhile ago (on ColdFusion 4.x and 5.0,
if memory serves- I informed Macromedia back then, and since I wasn't
sure what they did with it, I took caution not to explicitly name
their product as vulnerable). The results are presented in my
"Hacking Web Applications using Cookie Poisoning" paper of mid 2002
(http://www.cgisecurity.com/lib/CookiePoisoningByline.pdf), see
"Example 1".

Thanks,
-Amit
Received on Apr 18 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]