BugTraq
PayPal's "invalid" aksession Padding Oracle Flaw
Sep 03 2013 02:15PM
Timothy D. Morgan (tmorgan vsecurity com)
Re-posting this, since the moderators ignored it (and my follow-up emails to them).

The main PayPal web site sets a cookie named "aksession" which
contains a blob of base64-encoded ciphertext. This ciphertext is
encrypted using a 64-bit block cipher in CBC mode and does not have
any other integrit...

Copyright 2010, SecurityFocus