Menu

Database

Active Https Cookie Hijacking

WVE ID: WVE-2008-0012

Type: Exploit

Status: Candidate

Classification:
Hijacking
Information Disclosure

Description:
It is possible to actively capture cookies and use them to impersonate HTTPS sessions on vulnerable websites.

Discussion:
Certain websites that do not set the "secure" bit in their SSL session cookies are vulnerable to user impersonation. An attacker can use a method to collect these cookies for sites the target has visited previously by injecting iframes and images from those target sites into unencrypted TCP/IP streams. This will cause the user to send the cookie for the target site in clear-text, allowing the attacker to use the cookie and impersonate the user.

Credits
Author: Mike Perry : Riverbed Technology

References
URL: http://fscked.org/blog/fully-automated-active-https-cookie-hijacking

Released: 2008-08-14

Submitter
Nicholas DePetrillo (ndepetrillo@arubanetworks.com) : Aruba Networks

Submitted: Thu Sep 18 07:02:34 -0700 2008

Candidate Date: Tue Nov 18 08:50:14 -0800 2008


Recent Entries

TKIP Replay and Plaintext Discovery
WVE-2008-0013 11/18/2008
Active Https Cookie Hijacking
WVE-2008-0012 9/18/2008
Auto Immune Attack
WVE-2008-0011 9/17/2008
Marvell Null SSID Association Request
WVE-2008-0010 9/15/2008
Marvell EAPOL-Key Length Overflow
WVE-2008-0009 9/15/2008
Atheros IE Tag Overflow
WVE-2008-0008 9/15/2008
Weaknesses in the A5/1 Cipher
WVE-2008-0007 4/9/2008
Block ACK DoS
WVE-2008-0006 4/9/2008
GF Mode WIDS Rogue AP Evasion
WVE-2008-0005 4/9/2008
HT Intolerant Degradation of Service
WVE-2008-0004 4/9/2008
More Entries...

News

SANS Institute Sponsors WVE
4/19/2008
Wireless Attackers and Honeypot Technology
4/15/2008
High Speed Risks in 802.11n Slides Posted
4/11/2008
Vulnerabilities in 802.11n
4/9/2008
WVE Editors Speaking at SHARKFEST.08
1/3/2008
More News...