[Tickets #7904] Horde Mail Insecure Cookie Sanitization over HTTPS
bugs at horde.org
Tue Jan 27 19:02:07 UTC 2009
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/7904
------------------------------------------------------------------------------
Ticket | 7904
Created By | adi.zerok at gmail.com
Summary | Horde Mail Insecure Cookie Sanitization over HTTPS
Queue | Horde Base
Version | 3.3.3
Type | Bug
State | Unconfirmed
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
adi.zerok at gmail.com (2009-01-27 14:02) wrote:
It is possible to send cookies over HTTP even when HTTPS is
implemented, during the insecure state of the cookie. The parameters are not
properly structured in the set cookie parameter. On a security basis, the secure
parameter should be applied in the cookie arguments to prevent the
transference of cookies over HTTP.
This can make Surf Jacking attacks possible.
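
One way to check for the condition reported above, as an added example that is not part of the ticket or of Horde's code: it audits the `Set-Cookie` headers of an HTTPS response and lists cookies that lack the `Secure` attribute. The header lines, cookie names and values are constructed for illustration, and `parse_set_cookie` and `audit_cookies` are hypothetical helper names.

```python
"""Audit Set-Cookie headers of an HTTPS response for a missing Secure attribute."""

# Constructed sample headers; cookie names, values and the domain are made up.
SAMPLE_HEADERS = [
    "Set-Cookie: Horde=4f1c9a7be2d0; path=/horde; domain=mail.example.org",
    "Set-Cookie: auth_key=9b2e77aa01; path=/horde; Secure; HttpOnly",
    "Set-Cookie: lang=en_US; path=/; secure",
    "Set-Cookie: mode=secure; path=/horde",
    "Content-Type: text/html; charset=UTF-8",
]


def parse_set_cookie(header_line):
    """Return (cookie_name, attributes) for a Set-Cookie line, else None."""
    field, _, value = header_line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = value.split(";")
    # The first segment is name=value; everything after it is an attribute.
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        if key.strip():
            # Attribute names are case-insensitive, so normalise them.
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(header_lines):
    """Return names of cookies a browser would also send over plain HTTP."""
    missing = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        # Only a real Secure attribute counts; a value that happens to
        # contain the word "secure" (the "mode" cookie) does not.
        if "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cookie in audit_cookies(SAMPLE_HEADERS):
        print(f"{cookie}: no Secure attribute, cookie is also sent over HTTP")
```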