Vulnerability Development mailing list archives

Re: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others)

From: Dug Song <dugsong () monkey org>
Date: Thu, 30 Aug 2001 16:24:14 -0400

On Thu, Aug 30, 2001 at 03:37:01PM -0400, Jose Nazario wrote:

predictive cookie values are nothing new. :)


fubob cracked the WSJ.com master key with a simple adaptive chosen
plaintext attack last year. see his paper on client web authentication
(which won best student paper at this past USENIX) for a nice overview:

        http://cookies.lcs.mit.edu/

-d.

---
http://www.monkey.org/~dugsong/

Current thread:

RE: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Norman Cook (Aug 30)
- RE: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Jose Nazario (Aug 30)
  - Re: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Dug Song (Aug 30)
  - Re: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Kevin Fu (Aug 30)
- Re: Web session tracking security prob. Vulnerable: IIS and ColdF usion (maybe others) Kevin Fu (Aug 30)