125 matches found
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash requires IE + some transparent proxies or virtual hosting The method described here is pretty simple. It works though only on HTTP not HTTPS credentials. Also, it works only when the client browses using IE...
Multiple networking devices fail to set the "Secure" attribute of a cookie
Overview Multiple vendors' networking devices fail to set the "Secure" cookie attribute and could disclose sensitive information about a user's HTTP session. Description Many networking devices provide a built-in web server, which may support the HTTPS protocol. When a user logs into the device...
Secure cookie access in Knoqueror
Cookie with secure flag may be sent via unsecured channel...
KDE Security Advisory: Secure Cookie Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: Secure Cookie Vulnerability Original Release Date: 2002-09-08 URL: http://www.kde.org/info/security/advisory-20020908-1.txt 0. References None. 1. Systems affected: Konqueror in KDE 3.0, KDE 3.0.1 and KDE 3.0.2. KDE 2.2.2 and KD...
Проблемы с Secure Session Id в IIS
При использовании защищенного соединения не генируется Secure Cookie для передачи Session Id, вместо это используется тот же ID что и для незащищенного соединения, что позволяет перехватить защищенное соединение...