[ http://jira.xwiki.org/jira/browse/XWIKI-1971?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergiu Dumitriu closed XWIKI-1971.
----------------------------------

    Fix Version/s: 1.3 M1
       Resolution: Fixed

> Deleting or putting "false" in the validation cookie bypasses cookie 
> validation
> -------------------------------------------------------------------------------
>
>                 Key: XWIKI-1971
>                 URL: http://jira.xwiki.org/jira/browse/XWIKI-1971
>             Project: XWiki Platform
>          Issue Type: Bug
>          Components: Authentication and Rights Management
>    Affects Versions: 1.2 RC2
>            Reporter: Sergiu Dumitriu
>         Assigned To: Sergiu Dumitriu
>             Fix For: 1.3 M1
>
>
> The validation cookie can be used to bind a cookie to an IP. Stealing the 
> username and password cookies can bypass the IP bind if the validation cookie 
> is assigned a value of "false" or is completely deleted.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.xwiki.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
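
The failure mode in the issue description, modelled as an added Java example; it is not XWiki's code or the fix that was committed. Assumptions: the cookie names `username`, `password` and `validation`, the HMAC construction of the validation value, and the key, user and addresses, which are all constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ValidationCookieCheck {
    // Assumption: the validation value is an HMAC over both credential cookies and the client IP.
    static String expected(byte[] key, String user, String pass, String ip) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal((user + "\n" + pass + "\n" + ip).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Model of the reported behaviour: a missing or "false" cookie is read as "binding off".
    static boolean failOpen(Map<String, String> c, String ip, byte[] key) throws Exception {
        String v = c.get("validation");
        if (v == null || v.equals("false")) {
            return true; // the client decides whether it is checked
        }
        return v.equals(expected(key, c.get("username"), c.get("password"), ip));
    }

    // Fail closed: all three cookies are required and the tag must match this request's IP.
    static boolean failClosed(Map<String, String> c, String ip, byte[] key) throws Exception {
        String u = c.get("username"), p = c.get("password"), v = c.get("validation");
        if (u == null || p == null || v == null) {
            return false;
        }
        return MessageDigest.isEqual(v.getBytes(StandardCharsets.UTF_8),
                expected(key, u, p, ip).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        String loginIp = "192.0.2.10", otherIp = "198.51.100.7"; // constructed sample addresses
        String tag = expected(key, "alice", "opaque-token", loginIp);
        Map<String, String> deleted = Map.of("username", "alice", "password", "opaque-token");
        Map<String, String> forced = Map.of("username", "alice", "password", "opaque-token", "validation", "false");
        Map<String, String> intact = Map.of("username", "alice", "password", "opaque-token", "validation", tag);
        System.out.println("fail-open,   cookie deleted, other IP: " + failOpen(deleted, otherIp, key));
        System.out.println("fail-open,   cookie \"false\", other IP: " + failOpen(forced, otherIp, key));
        System.out.println("fail-closed, cookie deleted, other IP: " + failClosed(deleted, otherIp, key));
        System.out.println("fail-closed, cookie \"false\", other IP: " + failClosed(forced, otherIp, key));
        System.out.println("fail-closed, intact cookies, other IP: " + failClosed(intact, otherIp, key));
        System.out.println("fail-closed, intact cookies, login IP: " + failClosed(intact, loginIp, key));
    }
}
```

Whether IP binding is enforced belongs in server-side configuration; in the fail-closed check no value the client sends can switch it off.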

        