---

Security Flaw in Cookies Implementation

Oliver Lineham posted
to BUGTRAQ:

I have discovered what I beleive to be a flaw in the
implementation of cookies, that allows for possible security
implications.

Products affected appear to include EVERY VERSION of Navigator
that support cookies, and EVERY VERSION of Internet Explorer that
support cookies.

For a detailed explanation and analysis, please visit http://www.paradise.net.nz/~glineham/cookiemonster.html
immediately. This site also contains a working demonstration.

The problem relates to the restrictions applied to domains
outside the united states, and how many dots they must contain.

The site contains a full analysis of the problem, and has a
working demonstration.

Regards,

Oliver Lineham

---------------------------------------------------
Internet Services / Webdesign / Strategic Planning
PO Box 30-481, Lower Hutt, NZ  [email protected]
Phone +64 4 566-0627       Facsimile +64 4 570-1900

~