Vulnerability Development mailing list archives
Re: about cookies
From: Greg Hunt <greg () supplyedge com>
Date: Thu, 16 May 2002 10:27:52 -0700
The audiogalaxy satellite itself also sends your username/password in cleartext, I think we're just supposed to assume it's not secure. The only attacks I can think of if you know the username/password is a DoS attack by filling the user's hard drive with mp3s.
Well, the cookie of audiogalaxy (www.audiogalaxy.com) on the user system, reveal the username and password in plain text. This maybe a small problem, but it will better even steal the session cookie; i think.
-- ------SupplyEdge------- Greg Hunt 800-733-3380 x 107 greg () supplyedge com
Current thread:
- about cookies Eduardo Caballero (May 16)
- Re: about cookies Greg Hunt (May 16)
- Re: about cookies quentyn (May 17)
- <Possible follow-ups>
- Re: about cookies Eduardo Caballero (May 19)
- Re: about cookies Greg Hunt (May 16)