VDB
GCVE-110-CERTCC-2007-466433
GCVE-110-CERTCC-2007-466433
Advisory Published
Web services that rely on cookies for authentication may be vulnerable to an authentication bypass vulnerability. Some web sites transmit authentication material (often cookies) without encrypting the entire session, even when the authentication material is initially set over an encrypted HTTP session. This behavior could allow an attacker on the network path to obtain authentication material and impersonate a legitimate user. Sites that set authentication cookies over https during login and then later transmit the cookies over HTTP are particularly vulnerable, since users are more likely to think that the security of the login page applies to the entire session.
Risk Scores
certcc-cam
certcc-cam
impact4population15exploitation1widely_known20score_current2.25ease_of_exploitation20
certcc-vrda
certcc-vrda
d1_impact1d1_population4d1_direct_report0
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.