The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Flaw in Cookies Implementation


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 24 Dec 1998 11:09:19 +1300
From: Oliver Lineham <[email protected]>
To: [email protected]
Subject: Security Flaw in Cookies Implementation

I have discovered what I beleive to be a flaw in the implementation of
cookies, that allows for possible security implications.

Products affected appear to include EVERY VERSION of Navigator that support
cookies, and EVERY VERSION of Internet Explorer that support cookies.

For a detailed explanation and analysis, please visit
http://www.paradise.net.nz/~glineham/cookiemonster.html immediately.
This site also contains a working demonstration.

The problem relates to the restrictions applied to domains outside the
united states, and how many dots they must contain.

The site contains a full analysis of the problem, and has a working
demonstration.

Regards,

Oliver Lineham

---------------------------------------------------
Internet Services / Webdesign / Strategic Planning
PO Box 30-481, Lower Hutt, NZ  [email protected]
Phone +64 4 566-0627       Facsimile +64 4 570-1900

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру