[8807] in bugtraq

home help back first fref pref prev next nref lref last post

Security Flaw in Cookies Implementation

daemon@ATHENA.MIT.EDU (Oliver Lineham)
Wed Dec 23 23:06:28 1998

Date: 	Thu, 24 Dec 1998 11:09:19 +1300
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Oliver Lineham <oliver@LINEHAM.CO.NZ>
To: BUGTRAQ@NETSPACE.ORG

I have discovered what I beleive to be a flaw in the implementation of
cookies, that allows for possible security implications.

Products affected appear to include EVERY VERSION of Navigator that support
cookies, and EVERY VERSION of Internet Explorer that support cookies.

For a detailed explanation and analysis, please visit
http://www.paradise.net.nz/~glineham/cookiemonster.html immediately.
This site also contains a working demonstration.

The problem relates to the restrictions applied to domains outside the
united states, and how many dots they must contain.

The site contains a full analysis of the problem, and has a working
demonstration.

Regards,

Oliver Lineham

---------------------------------------------------
Internet Services / Webdesign / Strategic Planning
PO Box 30-481, Lower Hutt, NZ  oliver@lineham.co.nz
Phone +64 4 566-0627       Facsimile +64 4 570-1900

home help back first fref pref prev next nref lref last post