IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624.
Published at: October 29, 2020 at 09:45PM
View on website
Subscribe to:
Post Comments (Atom)
Much about Technology and a bit about Everything. We provide high quality of Information and tips tricks than bookmark us.updates daily.Have a Visit.
No comments:
Post a Comment