lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Apr 2013 11:19:37 -0500 From: Chris Roussel <lab12@...abit.com> To: full-disclosure@...ts.grok.org.uk Subject: GitHub Login Cookie Failure Dear Hackers, I've discovered what I think is a failure in GitHub.com login cookies: I installed the "Import Cookies" & "Export Cookies" plugins in my firefox 20, then I signed in at github and exported my cookies, then I signed out, I cleaned all the cookies in my browser and I started it again, then I imported the cookies and I am login in without typing my passwords, I've tried this with my google account, but there is clear that when I signed out the info in the cookies was annulled, then it appears like I am signed while I am searching, but if I want to check my mail/drive I have to type my password. If you can reproduce this, tell to githubbers, if you can not let us know! I know, it is very difficult to catch my cookies while I'm on an https session, but this is only a note. Best regards, _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists