IIS 5 cookie encryption password

From: Serguey Forcade (sergueyf@gmail.com)
Date: Mon Apr 02 2007 - 19:15:21 EDT


Hi, I'd like to know if anyone knows of a paper that explains how to
extract the encryption password IIS creates when it starts up, and
uses to encrypt the session ID + random data in order to generate the
cookie value the users receives.

I'm interested in IIS 5.0.

Thanks.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:41 EDT