Many sites use cookies for user authentication, since HTTP is stateless. That can be a convenience from both sides because it prevents your username/password from going across the Internet. However, depending on how well the cookie is set up, it could potentially be a problem for either side as well. The cookie is sent back at every request to that URL (or domain, port, or only over a secure connection, depending on what the server designates). Although it may not include your password, it may include session information, or enough information to be harmful to you. For example, if the cookie is very lenient as far as when it is sent to a site, it is possible that it gets sent to some malicious site set up to steal your authenticated cookie (from a link that you connected to). They could then use that cookie to access your session, change your password, and then have access to your information.
Here's some very informative reading: http://cookies.lcs.mit.edu/pubs/webauth:tr.pdf

On Wed, 2003-06-18 at 22:21, Michael Ryan Byrd wrote:
> Sometimes when a cross site scripting bug is found in a particular web
> application, the bug tracking sites will say, "Exploitation of this issue
> may enable an attacker to steal cookie-based authentication credentials from
> legitimate users of the software."
>
> How is that possible?
>
> Ryan
>
>
> ____________________
> BYU Unix Users Group
> http://uug.byu.edu/
> ___________________________________________________________________
> List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
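
An added illustration, not part of the original thread: the sketch below models how a cookie's Domain, Path and Secure attributes decide which requests carry it, and lists the lenient settings on a session cookie. The host names, cookie values and function names are constructed for the example, and the default path is simplified to "/".

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie values, both issued by www.example.test.
LENIENT = "SID=abc123; Domain=.example.test; Path=/"
TIGHT = "SID=abc123; Path=/app; Secure; HttpOnly"

def parse_set_cookie(header, origin_host):
    """Extract the attributes that control where the cookie is sent."""
    jar = SimpleCookie()
    jar.load(header)
    name, morsel = next(iter(jar.items()))
    domain = morsel["domain"].lstrip(".").lower()
    return {
        "name": name,
        # Without a Domain attribute the cookie is host-only.
        "domain": domain or origin_host.lower(),
        "host_only": not domain,
        "path": morsel["path"] or "/",  # simplification: default path is "/"
        "secure": bool(morsel["secure"]),
        "httponly": bool(morsel["httponly"]),
    }

def would_send(cookie, url):
    """True if a browser would attach the cookie to a request for url."""
    u = urlsplit(url)
    host, path, cpath = (u.hostname or "").lower(), u.path or "/", cookie["path"]
    host_ok = host == cookie["domain"] or (
        not cookie["host_only"] and host.endswith("." + cookie["domain"]))
    path_ok = path == cpath or (path.startswith(cpath) and
                                (cpath.endswith("/") or path[len(cpath)] == "/"))
    return host_ok and path_ok and (u.scheme == "https" or not cookie["secure"])

def findings(cookie):
    """List the lenient settings on a session cookie."""
    out = []
    if not cookie["host_only"]:
        out.append("Domain set: also sent to every subdomain")
    if not cookie["secure"]:
        out.append("no Secure: also sent over plain HTTP")
    if not cookie["httponly"]:
        out.append("no HttpOnly: readable by script running in the page")
    return out

if __name__ == "__main__":
    for header in (LENIENT, TIGHT):
        c = parse_set_cookie(header, "www.example.test")
        print(header, "->", findings(c) or "tightly scoped")
        for url in ("http://forum.example.test/post", "https://www.example.test/app/x"):
            print("   ", url, would_send(c, url))
```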
