|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
From: morning_wood (se_cur_ity
hotmail.com)
Date: Sat Oct 30 2004 - 21:13:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
this is the exact ISSUE !!!
YOU SCORE BONUS POINTS!!!
> Indeed, but surely the cookie information stored should be dependant on
> the user's authentication details? It makes sense to use semi-dynamic
> cookie information like this, making holes like this one a little more
> hard to 'gain and keep' access.
>
>
> > there is a [x] box..
> >
> > "Don't ask for my password for 2 weeks."
> >
> > this sets the users cookie. Gmail uses the cookie for authentication.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]