| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Aug 2004 18:28:29 -0400 From: George Capehart <gwc@....org> To: bugtraq@...urityfocus.com Subject: Re: Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection On Tuesday 17 August 2004 04:34, Rohit Dube allegedly wrote: > Hi, > Opera's policy with respect to third party cookie makes it > vulnerable to session replay attacks. This was discovered 2 weeks > back. Opera's response to the same is attached. The issue and the > workaround are listed below. > > Opera claims to be the fastest browser on earth and has the third > largest user base. > > Issue: > In case Opera privacy policy is set to refuse all third party > cookies, some servers (one is mail.yahoo.com) become susceptible to > session replay attacks. Reproduction steps, for mail.yahoo.com are: <snip rest of discussion> Seems to me that it's not Opera that is "at fault." Browsers don't have sessions for which they need to maintain state. Application servers do, though. Shame on Yahoo for not maintaining state. This is a significant problem for Yahoo and all other sites that use cookies but do not maintain their own idea of state and which don't protect themselves against session replay attacks. Rule #1 of (especially distributed) applications: DO NOT TRUST INPUT FROM A DOMAIN UNDER WHICH YOU HAVE NO CONTROL!!!!!! This is just plain bad practice. My 0.02 $CURRENCY Best regards, George Capehart -- George W. Capehart Key fingerprint: 3145 104D 9579 26DA DBC7 CDD0 9AE1 8C9C DD70 34EA "With sufficient thrust, pigs fly just fine." -- RFC 1925
Powered by blists - more mailing lists