WebApp Sec mailing list archives

Re: ColdFusion - CFID & CFTOKEN

From: "Amit Klein (AKsecurity)" <aksecurity () hotpop com>
Date: Sun, 17 Apr 2005 14:27:57 +0200

On 11 Apr 2005 at 17:48, Jason binger wrote:

I am currently doing some work with CF MX 6.1 and was
wondering if anyone had some information on the
strength of the CF cookie implementation.

How random the token generation is? How is the
generation performed?
What is the range of the generated tokens? 
Has an independent security analysis been performed
and commented on in a public paper?


Well, I did research all this awhile ago (on ColdFusion 4.x and 5.0, 
if memory serves- I informed Macromedia back then, and since I wasn't 
sure what they did with it, I took caution not to explicitly name 
their product as vulnerable). The results are presented in my 
"Hacking Web Applications using Cookie Poisoning" paper of mid 2002 
(http://www.cgisecurity.com/lib/CookiePoisoningByline.pdf), see 
"Example 1".

Thanks,
-Amit

Current thread:

ColdFusion - CFID & CFTOKEN Jason binger (Apr 13)
- RE: ColdFusion - CFID & CFTOKEN Andrew van der Stock (Apr 13)
- Re: ColdFusion - CFID & CFTOKEN Rogan Dawes (Apr 14)
- Re: ColdFusion - CFID & CFTOKEN Amit Klein (AKsecurity) (Apr 18)
- Re: ColdFusion - CFID & CFTOKEN ron thigpen (May 11)
- Re: ColdFusion - CFID & CFTOKEN ron thigpen (May 11)
  - Re: ColdFusion - CFID & CFTOKEN leighm (May 15)