| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Dec 2008 04:40:40 -0700 From: darkz.gsa@...il.com To: bugtraq@...urityfocus.com Subject: Re: Joomla: Session hijacking vulnerability, CVE-2008-4122 Yes, I can reproduce this behavior. The application should reinitialize the cookie after the login but instead it will keep the previous cookie. An interesting thing this is valid only for the login_module, the administrator login page does not automatically redirect to HTTPS by configuration.
Powered by blists - more mailing lists