BugTraq
Back to list
|
Post reply
Imail Cookie Vulnerability (unhashed)
Jul 05 2005 04:03AM
Sintigan insecure net
(1 replies)
Neither Regular or secure mode of Imail properly give out a hash on cookies leaving the cookies straight readable to any onlookers.
No exploit is needed
POC:
"IMail_UserId
1006332dgd2@Someserver"
--------------------------
"IMail_password
1234"
Straight From Cookie ^^ (edited to protect user)
Shoutz to Dcrab, Infinite, j0X, DjPc, Ch4r, Raven, FPA, woody, elohimus, kurupt3k, and the rest i forgot i still got love for :P
[ reply ]
Re: Imail Cookie Vulnerability (unhashed)
Jul 06 2005 12:57AM
Christophe Vandeplas (christophe vandeplas com)
Privacy Statement
Copyright 2010, SecurityFocus
No exploit is needed
POC:
"IMail_UserId
1006332dgd2@Someserver"
--------------------------
"IMail_password
1234"
Straight From Cookie ^^ (edited to protect user)
Shoutz to Dcrab, Infinite, j0X, DjPc, Ch4r, Raven, FPA, woody, elohimus, kurupt3k, and the rest i forgot i still got love for :P
[ reply ]