osCommerce University - Forum Discussions for Prestashop, Magento, osCommerce, CRE Loaded and more

Basic e-Commerce Business Books | CRE Loaded Add-on's | Hosting 4 CRE Loaded | Hosting 4 osCommerce

« previous next »

Pages: 1 [2] All

Go Down

Author Topic: CRE LOADED SECURE COOKIES VULNERABLE (Read 12108 times)

0 Members and 1 Guest are viewing this topic.

inetbiz

eCommerce Strategy Consultant
Administrator
Full Member
Offline
Posts: 133
Karma: 22
SKYNET; T3; Apple Inc. Coincidence?

CRE LOADED SECURE COOKIES VULNERABLE

« Reply #1 on: June 05, 2008, 12:35:31 PM »

Cre Loaded shopping cart contains a secure sessions cookie vulnerability that enables a hacker to obtain sensative information.

Port 443Path: / --> No "Secure" Attribute on Secure Channel (https) : osCsid=41e492d37e0a3137d1ddbd5ca4db81c9; path=/; domain=www.xxxxxxxxxxxxx.com

Source:http://www.ietf.org/rfc/rfc2109.txt page 4

« Last Edit: June 05, 2008, 12:37:06 PM by inetbiz »

Logged

Host Master's Blog | eCommerce Services and Software | eCommerce News