Am 22.04.2012 22:06, schrieb Michael Heydekamp:
Am 22.04.2012 21:49, schrieb Reindl Harald:
Am 22.04.2012 21:38, schrieb Michael Heydekamp:
Didn't know that. But how can a different user on a different machine have the same session ID (if not by random)? Is there any way to a) get hold of the ID of any other user's session, and b) to take influence on his own session ID in a way that he would identify himself with the same ID?
what do you think how long it takes to write a cookie like this? the only interesting is "roundcube_sessauth=S1168d2474c3b543053461d00f9c8b1a1b1764905"
beeing in a open WLAN without ssl and anybody can fake it in seconds
Ok, typing it is not a big deal, but how can he get hold of the ID of any user in the same WLAN within seconds?
jesus christ you simply start the hijacked session in your browser - the session is nothing other than sending this header with each reequest
And: If he can do that, isn't faking the User-Agent even an easier deal?
yes, but he must fake BOTH at the same time it's both easy, 100% security does not exist you can things only make as difficult as possible without encryption
Cookie: mailviewsplitterv=244; mailviewsplitter=262; composesplitterv=175; prefsviewsplitter=195; folderviewsplitter=300; addressviewsplitter=250; addressviewsplitterd=200; identviewsplitter=300; tl_webmail_sessid=vpxiRqxOLDa%2CM7gMP81eB2hPPc1; roundcube_sessauth=S1168d2474c3b543053461d00f9c8b1a1b1764905