Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2014-3853

Description

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

POC

Reference

- http://www.openwall.com/lists/oss-security/2014/05/14/3

- http://www.openwall.com/lists/oss-security/2014/05/23/1

Github

No PoCs found on GitHub currently.