Konqueror Bug in Sending Non-Secure Cookies via SSL May Let Remote Users Conduct Session Fixation Attacks
SecurityTracker Alert ID: 1011330
SecurityTracker URL: http://securitytracker.com/id/1011330
CVE Reference: CVE-2004-0870
Date: Sep 16 2004
Impact: Modification of user information
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): 3.1.4
Description:
A vulnerability was reported in KDE Konqueror. A remote user may be able to set cookies via a non-secure server that are then sent to a secure server as part of a session fixation attack.
Westpoint Security reported that the browser may send non-secure cookies (i.e., those set via HTTP) to the server via SSL. A remote user with the ability to spoof connections or conduct a man-in-the-middle attack may be able to set a cookie on the target user's browser that will subsequently be sent by the target user's browser to a secure server as part of a session fixation attack.
This flaw may allow remote users to conduct session fixation attacks to hijack a target user's session. A paper on session fixation attacks is available at:
http://www.acros.si/papers/session_fixation.pdf
The vendor was notified on July 20, 2004.
The original advisory is available at:
http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt
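A server-side mitigation for the session fixation scenario described above, added here as an example; it is not taken from the SecurityTracker entry, the Westpoint advisory or KDE. The `SessionStore` class, the cookie name `SID` and the user name are hypothetical; the store honours only session IDs it issued and replaces the ID at login, so an ID placed in the browser beforehand carries no authenticated state.

```python
import secrets

def parse_cookie(header):
    # The Cookie request header carries only name=value pairs, so the server
    # cannot see whether a cookie was set over HTTP or over SSL.
    pairs = (p.split("=", 1) for p in (header or "").split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

class SessionStore:
    """Hypothetical server-side store; only IDs minted here are honoured."""
    def __init__(self):
        self._sessions = {}  # session ID -> authenticated user or None

    def _mint(self, user=None):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid

    def resolve(self, cookie_header):
        """Return the session ID to use; unknown IDs are never adopted."""
        sid = parse_cookie(cookie_header).get("SID")
        return sid if sid in self._sessions else self._mint()

    def login(self, sid, user):
        """Discard the pre-login ID and bind the user to a fresh one."""
        self._sessions.pop(sid, None)
        return self._mint(user)

    def user_for(self, cookie_header):
        return self._sessions.get(parse_cookie(cookie_header).get("SID"))

def set_cookie(sid):
    # Secure keeps the fresh ID from being sent over plain HTTP.
    return f"SID={sid}; Secure; HttpOnly; Path=/"

if __name__ == "__main__":
    store = SessionStore()
    planted = store.resolve("")               # constructed: valid pre-login ID
    sid = store.resolve(f"SID={planted}")     # browser presents it over SSL
    fresh = store.login(sid, "alice")         # constructed user name
    print(set_cookie(fresh))
    print(store.user_for(f"SID={planted}"))   # None: planted ID is dead
    print(store.user_for(f"SID={fresh}"))     # alice
```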
Impact:
A remote user may be able to set cookies via a non-secure server to be sent by the target user's browser to a secure server.
Solution:
No solution was available at the time of this entry.
Vendor URL: www.kde.org/
Cause: Access control error, State error
Underlying OS: Linux (Any), UNIX (Any)
Message History:
None.