• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

KDE Secure Cookie Exposure Vulnerability

The KDE HTML component used in browsers such as Konquerer does not detect the presence of the secure flag in cookies. The secure flag is used to denote that the cookie should only be sent via SSL connections. Since this flag is not properly acknowledged, it is possible that secure cookies may be sent over insecure connections. This may, under some circumstances, enable attackers to intercept "secure" cookie-based authentication credentials.