User: Password:
Subscribe / Log in / New account

Password takeover

Password takeover

Posted Nov 17, 2010 12:58 UTC (Wed) by DonDiego (guest, #24141)
In reply to: Password takeover by Simetrical
Parent article: Gathering session cookies with Firesheep

If you capture the insecure session cookie as described in the article, you don't need to enter a password.

(Log in to post comments)

Password takeover

Posted Nov 18, 2010 0:52 UTC (Thu) by bfields (subscriber, #19510) [Link]

Try it. Go to facebook, and try to change your email address or your password without re-entering your password. You'll find it doesn't let you, even though you've given it a session cookie. And that's by design....

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds