
"Logout XSRF" - significant web app bug?


Post by andry, Mon Oct 11, 2010 5:59 am

[Or "Logout CSRF" for search indexes; I seem to be addicted to the less common acronym ;-)]

Significant? No, of course not. It is a technical integrity violation inflicted upon good.com by evil.com. That's not ideal, and could be an annoyance. But there are some other interesting technicalities that can make it futile to defend against. They include:
Cookie forcing. A man-in-the-middle attacker can nuke the auth cookie, even though your session is https.

Cookie bombardment. There is no standard on how a browser should behave when a range of collaborating sites (e.g. *.evil.com) pile a load of cookies on to a browser. kuza55 documents the plausibility of this attack in Firefox and Opera, and the Browser Security Handbook also alludes to this in Part 2 under the heading "Problems with cookie jar size". Essentially *.evil.com could "LRU-out" the auth cookie of another site. I've not seen a definitive answer to whether IE8 has a global cookie max limit or not. Intriguingly, having one can be a problem, as can not having one!
andry, Moderator. Posts: 467. Join date: 2010-05-07
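To make the post's distinction concrete, here is an added example (not code from the original post or from any project the poster refers to) that models a logout endpoint twice: once as the request-driven "logout XSRF" weakness the post describes, where any request carrying the session cookie ends the session, and once hardened so that only a POST from the site's own origin carrying the session's CSRF token does. The in-memory session store, the `login` helper, the request dictionaries and the origin `https://good.com` are all constructed assumptions for the demonstration.

```python
import hmac
import secrets

# Constructed in-memory session store: session_id -> {"user": ..., "csrf": ...}
SESSIONS = {}


def login(user):
    """Create a session with a per-session CSRF token and return the session id.
    (Constructed helper; a real app would set this as an HttpOnly, Secure cookie.)"""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(16)}
    return sid


def is_logged_in(sid):
    return sid in SESSIONS


def logout_vulnerable(request):
    """Logout endpoint with the weakness the post calls 'logout XSRF':
    any request that carries the session cookie ends the session, so a
    cross-site GET (e.g. an image tag on evil.com) is enough."""
    sid = request.get("cookies", {}).get("sid")
    if sid in SESSIONS:
        del SESSIONS[sid]
        return 200, "logged out"
    return 200, "no session"


def logout_hardened(request, allowed_origin="https://good.com"):
    """Logout only on a POST that (a) comes from our own origin when an
    Origin header is present and (b) carries the session's CSRF token."""
    if request.get("method") != "POST":
        # A plain navigation or <img> fetch is a GET; refuse state changes on it.
        return 405, "method not allowed"
    sid = request.get("cookies", {}).get("sid")
    sess = SESSIONS.get(sid)
    if sess is None:
        return 200, "no session"
    # Cross-site form posts carry the submitting site's origin, not ours.
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != allowed_origin:
        return 403, "cross-site request rejected"
    # The token lives in the page served to the logged-in user, which
    # evil.com cannot read; compare in constant time.
    token = request.get("form", {}).get("csrf", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403, "missing or bad csrf token"
    del SESSIONS[sid]
    return 200, "logged out"


if __name__ == "__main__":
    sid = login("alice")
    cross_site_get = {"method": "GET", "cookies": {"sid": sid}}
    print(logout_vulnerable(cross_site_get), is_logged_in(sid))   # session gone
    sid = login("alice")
    print(logout_hardened(cross_site_get | {"cookies": {"sid": sid}}), is_logged_in(sid))
    genuine = {"method": "POST", "cookies": {"sid": sid},
               "headers": {"Origin": "https://good.com"},
               "form": {"csrf": SESSIONS[sid]["csrf"]}}
    print(logout_hardened(genuine), is_logged_in(sid))            # session gone
```

The hardened handler only addresses the request-driven variant. It does nothing against the two cookie-jar attacks the post goes on to describe, because in those the attacker never sends a request to good.com at all: the auth cookie is deleted or evicted on the client side, and the server simply sees an unauthenticated visitor. That is the post's point about why the defence can be futile; server-side CSRF checks cannot tell "the user's browser lost the cookie" apart from "the user never had one".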
