Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information

Discussion in 'other security issues & news' started by ronjor, Sep 24, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,721
    Location:
    Texas
    http://www.kb.cert.org/vuls/id/804060
     
  2. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,963
    Location:
    Brasil
    I wonder why nobody fixed this, even though they were notified several months ago.

    I'm not sure I understood the issue correctly, but if I block all cookies by default and only allow certain cookies to be stored (such as this website), I'm safe from this vulnerability?
     
  3. ronjor

    ronjor Global Moderator

    https://thestack.com/security/2015/...e-websites-vulnerable-in-all-modern-browsers/
     