WebApp Sec mailing list archives
IIS 5 cookie encryption password
From: "Serguey Forcade" <sergueyf () gmail com>
Date: Mon, 2 Apr 2007 19:15:21 -0400
Hi, I'd like to know if anyone knows of a paper that explains how to extract the encryption password IIS creates when it starts up, and uses to encrypt the session ID + random data in order to generate the cookie value the users receives. I'm interested in IIS 5.0. Thanks. ------------------------------------------------------------------------- Sponsored by: WatchfireIt's been reported that 75% of websites are vulnerable to attack. That's because hackers know to exploit weaknesses in web applications. Traditional approaches to securing these assets no longer apply. Download the "Addressing Challenges in Application Security" whitepaper today, and see for yourself.
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHF --------------------------------------------------------------------------
Current thread:
- IIS 5 cookie encryption password Serguey Forcade (Apr 02)
- Message not available
- Re: IIS 5 cookie encryption password Serguey Forcade (Apr 05)
- Re: IIS 5 cookie encryption password Santiago Barahona (Apr 12)
- Re: IIS 5 cookie encryption password Santiago Barahona (Apr 12)
- Re: IIS 5 cookie encryption password Serguey Forcade (Apr 05)
- Message not available