Full Disclosure mailing list archives
Re: GitHub Login Cookie Failure
From: Chris Roussel <lab12 () lavabit com>
Date: Mon, 08 Apr 2013 18:50:45 -0500
On 04/08/2013 04:43 PM, Jeffrey Walton wrote:
You might also check to see if the session identifier changes between sessions. If not, GitHub may be using static session IDs, which means they could be guessable.
Well, at least the first 103 (there are 303) characters are static. But I think that it will take you at least twice the age of the universe to guess that ID.
Regards,
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/