[
http://jira.xwiki.org/jira/browse/XWIKI-1971?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergiu Dumitriu updated XWIKI-1971:
-----------------------------------
Summary: Deleting or putting "false" in the validation cookie bypasses
cookie validation (was: Putting "false" in the validation cookie bypasses
cookie validation)
Description: The validation cookie can be used to bind a cookie to an IP.
Stealing the username and password cookies can bypass the IP bind if the
validation cookie is assigned a value of "false" or is completely deleted.
(was: The validation cookie can be used to bind a cookie to an IP. Stealing the
username and password cookies can bypass the IP bind if the validation cookie
is assigned a value of "false".)
Security: (was: Confidential)
Assignee: Sergiu Dumitriu
> Deleting or putting "false" in the validation cookie bypasses cookie
> validation
> -------------------------------------------------------------------------------
>
> Key: XWIKI-1971
> URL: http://jira.xwiki.org/jira/browse/XWIKI-1971
> Project: XWiki Platform
> Issue Type: Bug
> Components: Authentication and Rights Management
> Affects Versions: 1.2 RC2
> Reporter: Sergiu Dumitriu
> Assigned To: Sergiu Dumitriu
>
> The validation cookie can be used to bind a cookie to an IP. Stealing the
> username and password cookies can bypass the IP bind if the validation cookie
> is assigned a value of "false" or is completely deleted.
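The failure mode described in this issue, as an added example that is not XWiki code: a check that lets the client's own cookie decide whether IP binding is enforced, next to a fail-closed version. The HMAC construction, the key, the cookie dictionary keys and both function names are assumptions made for illustration; the page does not say how XWiki computes the validation value.

```python
import hashlib
import hmac

# Constructed server-side secret for the example; not an XWiki value.
SERVER_KEY = b"constructed-example-key"


def expected_validation(username, password_cookie, client_ip):
    """Hypothetical validation value: an HMAC binding the login cookies to one IP."""
    msg = "\x00".join((username, password_cookie, client_ip)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def check_fail_open(cookies, client_ip):
    """Flawed pattern: the client's cookie decides whether the IP check runs."""
    validation = cookies.get("validation")
    if validation is None or validation == "false":
        return True  # check skipped: a deleted or "false" cookie is accepted
    want = expected_validation(cookies["username"], cookies["password"], client_ip)
    return hmac.compare_digest(validation.encode(), want.encode())


def check_fail_closed(cookies, client_ip, ip_binding_enabled=True):
    """Hardened pattern: only server-side configuration can switch the check off."""
    if not ip_binding_enabled:
        return True
    validation = cookies.get("validation")
    if not validation:
        return False  # a missing or empty cookie is a failure, not an opt-out
    want = expected_validation(
        cookies.get("username", ""), cookies.get("password", ""), client_ip
    )
    # The literal "false" is compared like any other value and will not match.
    return hmac.compare_digest(validation.encode(), want.encode())
```
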