Cookies Lack Integrity: Real-World Implications

Usenix Security Symposium, 2015.

Cited by: 45|Bibtex|Views68
EI
Other Links: academic.microsoft.com|dblp.uni-trier.de|dl.acm.org

Abstract:

A cookie can contain a \"secure\" flag, indicating that it should be only sent over an HTTPS connection. Yet there is no corresponding flag to indicate how a cookie was set: attackers who act as a man-in-the-midddle even temporarily on an HTTP session can inject cookies which will be attached to subsequent HTTPS connections. Similar attac...More

Code:

Data:

Your rating :
0

 

Tags
Comments