Re: verizon wireless website gaping privacy holes

From: Steve Shockley (steve.shockleyat_private)
Date: Sat Sep 01 2001 - 23:32:09 PDT

    > > Note the p_session_id parameter.  This is the only session
    > > identifier used.  They are assigned sequentially to each user as
    > > they log in, and are valid until the user logs out or the session
    > > times out.  Obviously, this makes it trivial to access the sessions
    > > of other users by guessing the session ID.  Automated tools to grab
    > > this information in bulk as users log in over time are also trivial.
    
    Related vulnerability: if you pick a session ID below the current range, you
    get a message "Unable to validate URL".  If you try one above the current
    range, you get "Unable to find URL".  Naturally, this makes it trivial to
    zero in on the current valid session ID range, even by hand.
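
A server-side counterpart to the two issues discussed in this thread, as an added example that is not part of the original messages or the site's code: session IDs drawn from a CSPRNG instead of a counter, and one identical response for every invalid ID so the reply reveals nothing about which IDs are live. The `SessionStore` class, its method names and the 900-second timeout are hypothetical.

```python
import secrets
import time

GENERIC_ERROR = "Invalid or expired session"  # one message for every failure
SESSION_TTL = 900  # seconds; assumed idle timeout, not a value from the thread


class SessionStore:
    """Hypothetical in-memory session store (illustration only)."""

    def __init__(self, now=time.monotonic):
        self._sessions = {}  # session id -> (user, expiry time)
        self._now = now

    def create(self, user):
        # 32 bytes from the OS CSPRNG: IDs have no order and no "current range".
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self._now() + SESSION_TTL)
        return sid

    def lookup(self, sid):
        """Return (user, None) on success, (None, GENERIC_ERROR) otherwise."""
        entry = self._sessions.get(sid) if isinstance(sid, str) else None
        if entry is None:
            return None, GENERIC_ERROR
        user, expiry = entry
        if self._now() >= expiry:
            del self._sessions[sid]  # expired sessions are dropped on sight
            return None, GENERIC_ERROR
        return user, None

    def logout(self, sid):
        self._sessions.pop(sid, None)


def failure_responses():
    """Constructed probes: each class of bad ID must get the same response."""
    clock = [0.0]
    store = SessionStore(now=lambda: clock[0])
    expired = store.create("alice")
    clock[0] += SESSION_TTL + 1          # let alice's session time out
    logged_out = store.create("bob")
    store.logout(logged_out)
    never_issued = secrets.token_urlsafe(32)
    probes = [expired, logged_out, never_issued, "1000", "", None]
    return {store.lookup(p) for p in probes}
```

If `failure_responses()` ever returns more than one distinct value, the error path is leaking which kind of invalid ID was presented.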
    



    This archive was generated by hypermail 2b30 : Mon Sep 03 2001 - 08:14:07 PDT