[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
gnats/91: Bad security with cookie
From: |
guy |
Subject: |
gnats/91: Bad security with cookie |
Date: |
16 Jul 2000 09:00:52 -0000 |
>Number: 91
>Category: gnats
>Synopsis: Bad security with cookie
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jul 16 02:04:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Guy Cohen
>Release: unknown-1.0
>Organization:
>Environment:
Cookie enabled browsers
>Description:
You keep the password in plain text at the cookie,
So all a it takes is view ability at a user cookies
to log in as that user to gnats.
>How-To-Repeat:
>Fix:
Remove the taken of the password field
to the cookie ?
>Release-Note:
>Audit-Trail:
>Unformatted:
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- gnats/91: Bad security with cookie,
guy <=