VDB

GCVE-110-CERTCC-2007-466433

GCVE-110-CERTCC-2007-466433
Advisory Published
Vulnetix · Advisory published September 7, 2007
Web services that rely on cookies for authentication may be vulnerable to an authentication bypass vulnerability. Some web sites transmit authentication material (often cookies) without encrypting the entire session, even when the authentication material is initially set over an encrypted HTTP session. This behavior could allow an attacker on the network path to obtain authentication material and impersonate a legitimate user. Sites that set authentication cookies over https during login and then later transmit the cookies over HTTP are particularly vulnerable, since users are more likely to think that the security of the login page applies to the entire session.

Risk Scores

certcc-cam
certcc-cam
impact4population15exploitation1widely_known20score_current2.25ease_of_exploitation20
certcc-vrda
certcc-vrda
d1_impact1d1_population4d1_direct_report0

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›