[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Joomla: Session hijacking vulnerability, CVE-2008-4122

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Joomla: Session hijacking vulnerability, CVE-2008-4122
From: darkz.gsa@xxxxxxxxx
Date: Thu, 18 Dec 2008 04:40:40 -0700

Yes, I can reproduce this behavior. The application should reinitialize the 
cookie after the login but instead it will keep the previous cookie. An 
interesting thing this is valid only for the login_module, the administrator 
login page does not automatically redirect to HTTPS by configuration.

Prev by Date: Firefox cross-domain text theft (CESA-2008-011)
Next by Date: [USN-692-1] Gadu vulnerability
Previous by thread: Joomla: Session hijacking vulnerability, CVE-2008-4122
Next by thread: n.runs-SA-2008.010 - Opera HTML parsing Code Execution
Index(es):
- Date
- Thread