WebApp Sec mailing list archives
Re: ColdFusion - CFID & CFTOKEN
From: ron thigpen <ron () fuzzsonic com>
Date: Wed, 11 May 2005 12:15:44 -0400
Jason binger wrote:
I am currently doing some work with CF MX 6.1 and was wondering if anyone had some information on the strength of the CF cookie implementation.
More information here: <http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_18133>Article describes a method for generating UUIDs for use as CFTOKEN values. It is also intimated that the code for generating standard (non-UUID) CFTOKEN values has changed in the MX release.
Seems it would be worth taking a new look at these standard CFTOKEN values from an MX install to see if they still follow the pattern indicated in Amit's paper.
--rt
Current thread:
- ColdFusion - CFID & CFTOKEN Jason binger (Apr 13)
- RE: ColdFusion - CFID & CFTOKEN Andrew van der Stock (Apr 13)
- Re: ColdFusion - CFID & CFTOKEN Rogan Dawes (Apr 14)
- Re: ColdFusion - CFID & CFTOKEN Amit Klein (AKsecurity) (Apr 18)
- Re: ColdFusion - CFID & CFTOKEN ron thigpen (May 11)
- Re: ColdFusion - CFID & CFTOKEN ron thigpen (May 11)
- Re: ColdFusion - CFID & CFTOKEN leighm (May 15)