Date: Thu, 24 Dec 1998 11:09:19 +1300
From: Oliver Lineham <oliver@LINEHAM.CO.NZ>
To: BUGTRAQ@NETSPACE.ORG
Subject: Security Flaw in Cookies Implementation
I have discovered what I beleive to be a flaw in the implementation of
cookies, that allows for possible security implications.
Products affected appear to include EVERY VERSION of Navigator that support
cookies, and EVERY VERSION of Internet Explorer that support cookies.
For a detailed explanation and analysis, please visit
http://www.paradise.net.nz/~glineham/cookiemonster.html immediately.
This site also contains a working demonstration.
The problem relates to the restrictions applied to domains outside the
united states, and how many dots they must contain.
The site contains a full analysis of the problem, and has a working
demonstration.
Regards,
Oliver Lineham
---------------------------------------------------
Internet Services / Webdesign / Strategic Planning
PO Box 30-481, Lower Hutt, NZ oliver@lineham.co.nz
Phone +64 4 566-0627 Facsimile +64 4 570-1900
