Cookie Re-Use flaw in Amazon,Ebay,Linkedin,Office365 and other web service

Jul 17, 2013   //   by   //   Uncategorized  //  No Comments

 

“Ethical hacking professor Sam Bowne recently put a cookie re-use method to test on several major web services, finding that Office 365, Yahoo mail, Twitter, LinkedIn, Amazon, eBay, and WordPress all failed the security test. Both Amazon and eBay can be tied directly to your money via the method of payment you have on record. And, just for kicks, we tried it with Netflix. And it worked. Microsoft has apparently known that accounts can be hijacked since at least 2012 when The Hacker News reported the Hotmail and Outlook cookie-handling vulnerability, so Bowne was curious if Microsoft closed the hole or if stolen cookies could still be re-used. He claims he ‘easily reproduced it using Chrome and the Edit This Cookie extension.’”

Source:

http://samsclass.info/123/proj10/cookie-reuse.htm

http://www.networkworld.com/community/node/83383

About NOSEC

NOSEC has its roots in Web Application Security with core products are JSky, Pangolin, iiScan. They are best in class tools to identify and eliminate security vulnerabilities in your company’s web applications.