Vulnerability Note VU#466433
Web sites may transmit authentication tokens unencrypted
Web services that rely on cookies for authentication may be vulnerable to an authentication bypass vulnerability.
Some web sites transmit authentication material (often cookies) without encrypting the entire session, even when the authentication material is initially set over an encrypted HTTP session. This behavior could allow an attacker on the network path to obtain authentication material and impersonate a legitimate user. Sites that set authentication cookies over https during login and then later transmit the cookies over HTTP are particularly vulnerable, since users are more likely to think that the security of the login page applies to the entire session.
HTTP cookies are text that is sent to a client web browser from a server. Cookies are transmitted back to the server from the client's browser when the client accesses the web site.
A remote unauthenticated attacker who can intercept traffic that is destined to an affected web site may be able to take any action on the web site that the legitimate user can.
There are a number of options that can mitigate this type of vulnerability. Please see the Workarounds and Systems Affected sections of this document for more information, including information about specific vendors.
Workarounds for users
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Box.net||Affected||20 Sep 2007||23 Sep 2007|
|Affected||-||04 Nov 2008|
|Microsoft Corporation||Affected||-||06 Sep 2007|
|Yahoo, Inc.||Affected||-||01 Sep 2007|
|Zoho||Affected||21 Sep 2007||23 Sep 2007|
|salesforce.com||Not Affected||-||12 Sep 2007|
|eBay||Unknown||06 Sep 2007||06 Sep 2007|
|MySpace.com||Unknown||05 Sep 2007||05 Sep 2007|
CVSS Metrics (Learn More)
Information about this vulnerability was released by Erratasec.
This document was written by Ryan Giobbi and Dean Reges.
- CVE IDs: Unknown
- Date Public: 07 Sep 2007
- Date First Published: 07 Sep 2007
- Date Last Updated: 13 Apr 2009
- Severity Metric: 2.25
- Document Revision: 101
If you have feedback, comments, or additional information about this vulnerability, please send us email.