gnats/91: Bad security with cookie

gnats-prs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnats/91: Bad security with cookie

From:	guy
Subject:	gnats/91: Bad security with cookie
Date:	16 Jul 2000 09:00:52 -0000

>Number:         91
>Category:       gnats
>Synopsis:       Bad security with cookie
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jul 16 02:04:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Guy Cohen
>Release:        unknown-1.0
>Organization:
>Environment:
Cookie enabled browsers
>Description:
You keep the password in plain text at the cookie,
So all a it takes is view ability at a user cookies 
to log in as that user to gnats.
>How-To-Repeat:

>Fix:
Remove the taken of the password field 
to the cookie ?
>Release-Note:
>Audit-Trail:
>Unformatted:

[Prev in Thread]

Current Thread

[Next in Thread]

gnats/91: Bad security with cookie, guy <=

Prev by Date: gnats/88: typename within function template causes Internal compiler error
Next by Date: gnats/92: Testing
Previous by thread: gnats/88: typename within function template causes Internal compiler error
Next by thread: gnats/92: Testing
Index(es):
- Date
- Thread