Full Disclosure mailing list archives
Re: The Misfortune Cookie Vulnerability
From: Jon Hart <jhart () spoofed org>
Date: Tue, 23 Dec 2014 08:58:03 -0800
At least on the pile of RomPager 4.01 devices that I have access to, they use straight HTTP authentication by default and do not use any cookies from what I can see. That's not to say that there isn't cookie handling code exposed in some way. It is also possible that these devices have already been patched against this vulnerability and the version was unchanged, or that they are so highly customized that the vulnerability is irrelevant. -jon On Thu, Dec 18, 2014 at 11:11 PM, Shahar Tal <shahartal () checkpoint com> wrote:
Well noted. I do trust members of this list to help release the information I couldn't. Cheers, Shahar ________________________________ From: Michal Zalewski Sent: Friday, December 19, 2014 6:56:20 AM To: Shahar Tal Cc: fulldisclosure () seclists org Subject: Re: [FD] The Misfortune Cookie VulnerabilitySee http://mis.fortunecook.ie for the rest.I think you might have accidentally pasted the wrong link. This one doesn't seem to contain additional information. Cheers, /mz Email secured by Check Point. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- The Misfortune Cookie Vulnerability Shahar Tal (Dec 18)
- Re: The Misfortune Cookie Vulnerability Michal Zalewski (Dec 18)
- Re: The Misfortune Cookie Vulnerability Sandro Gauci (Dec 22)
- Re: The Misfortune Cookie Vulnerability Shahar Tal (Dec 22)
- Re: The Misfortune Cookie Vulnerability Shahar Tal (Dec 22)
- Re: The Misfortune Cookie Vulnerability Jon Hart (Dec 23)
- Re: The Misfortune Cookie Vulnerability Sandro Gauci (Dec 22)
- Re: The Misfortune Cookie Vulnerability Gynvael Coldwind (Dec 22)
- Re: The Misfortune Cookie Vulnerability Michal Zalewski (Dec 18)