Bugtraq mailing list archives
Re: verizon wireless website gaping privacy holes
From: "Steve Shockley" <steve.shockley () shockley net>
Date: Sun, 2 Sep 2001 02:32:09 -0400
Note the p_session_id parameter. This is the only session identifier used. They are assigned sequentially to each user as they login, and are valid until the user logs out or the session times out. Obviously, this makes it trivial to access the sessions of other users by guessing the session ID. Automated tools to grab this information in bulk as users login over time are also trivial.
Related vulnerability: if you pick a session ID below the current range, you get a message "Unable to validate URL". If you try one above the current range, you get "Unable to find URL". Naturally, this makes it trivial to zero in on the current valid session ID range, even by hand.
Current thread:
- verizon wireless website gaping privacy holes Marc Slemko (Sep 02)
- Re: verizon wireless website gaping privacy holes Gareth Owen (Sep 02)
- Re: verizon wireless website gaping privacy holes Steve Shockley (Sep 03)
- Re: verizon wireless website gaping privacy holes Russell Handorf (Sep 03)
- Re: verizon wireless website gaping privacy holes Mark Parry (Sep 03)
- Re: verizon wireless website gaping privacy holes Kevin Fu (Sep 04)
- <Possible follow-ups>
- RE: verizon wireless website gaping privacy holes Jeff Carnahan (Sep 03)
- Re: verizon wireless website gaping privacy holes Gareth Owen (Sep 02)