On 04/04/2010 05:11 PM, Florian Weimer:
This is factually incorrect. The victim client might still send authentication data to the server which ends up in a different context (because the attacker has preloaded a crafted message prefix into the server), where it is accessible to the attacker and can later be used to impersonate the victim client.
The data is not available to the attacker, but to the server, which lets the server believe this is the legitimate client from the preceding request.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: [email protected]
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
