Re: XSS with encrypted cookie?

From: dd (dd@ghettohackers.net)
Date: Wed Dec 10 2003 - 18:00:38 EST


Yes, it is possible to steal cookies with XSS by using document.cookie
regardless of what data is in the cookie (e.g. the data is encrypted, or
anything else).

Usually with session tokens, any encryption is performed at the
application layer (single encryption key), and hence replaying of the
token will still work (assuming the session hasn't expired).

dd

pire pire wrote:
> Hi,
>
> I'm wondering if it's possible via an XSS attack to steal an
> encrypted cookie (actually it's a session token)? (with some
> javascript like: document.cookie etc...)
>
> If yes, is it also possible to replay this cookie? (of course the
> session must still be valid on the server)
>
> I know it works with regular cookies.
>
> Thanks a lot for your help
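
As an added illustration of the reply above (not part of the original thread): a server that encrypts its session token under one application-wide key accepts any copy of the cookie value until the session expires or is revoked server-side, and the HttpOnly attribute is what keeps the value out of document.cookie. APP_KEY, issueCookie, validateCookie, revoke and setCookieHeader are hypothetical names, and the session ids used with them are constructed.

```javascript
// Added example: constructed server-side session handling (hypothetical names).
const crypto = require('node:crypto');

const APP_KEY = crypto.randomBytes(32); // single application-wide key (assumption)
const activeSessions = new Set();       // server-side session state

// Encrypt {sid, exp} into an opaque cookie value with AES-256-GCM.
function issueCookie(sid, ttlMs, now) {
  activeSessions.add(sid);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', APP_KEY, iv);
  const body = Buffer.concat([c.update(JSON.stringify({ sid, exp: now + ttlMs })), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]).toString('base64');
}

// Decrypt and validate. Nothing here depends on which client sent the value,
// so the ciphertext itself is the credential: encryption hides the contents
// but does not stop a copied cookie from being accepted.
function validateCookie(value, now) {
  try {
    const raw = Buffer.from(value, 'base64');
    const d = crypto.createDecipheriv('aes-256-gcm', APP_KEY, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
    const { sid, exp } = JSON.parse(plain.toString('utf8'));
    return now < exp && activeSessions.has(sid) ? sid : null;
  } catch {
    return null; // malformed or tampered value
  }
}

// Server-side logout/revocation ends the window in which a copy is accepted.
function revoke(sid) {
  activeSessions.delete(sid);
}

// HttpOnly keeps the cookie out of document.cookie; Secure limits it to HTTPS.
function setCookieHeader(value) {
  return `session=${value}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}
```

Expiry and server-side revocation bound how long a copied value remains valid; the encryption only protects the token's contents and integrity.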
