
Security Forums


Security issue with web hoster

paul.m
Just Arrived
Joined: 15 Nov 2010
Posts: 0



Posted: Mon Nov 15, 2010 9:58 am    Post subject: Security issue with web hoster

Hello everyone,

I just wanted your opinion on a specific security issue I encountered concerning my web hoster.

This web hoster provides an HTML administrative interface to manage most parts of my websites.

It appeared that this administrative interface has a flaw that silently keeps you logged in after a logout as long as a session cookie is available (i.e. as long as you don't close your browser or manually clear your cookies).

The only thing that you have to do is get a URL from the browser cache and replay it (the URL is partly auto-generated, so you have to get it either from the cache or from the source of an open page). This could lead an attacker to access account management consoles for SSH, FTP, email addresses, etc.

This issue is not really hard to find (you can easily get some hints about it).

So, I have two questions:
- How would you rate this security risk? Non critical? Severe?
- Do you have any advice on how I can put pressure on my web host to do something to fix this? (They have silently ignored my mail so far.)


Your feedback would be deeply appreciated.

Paul
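
The behaviour described in the post, modelled as an added example (not part of the original post and not the web host's code): a logout that leaves the server-side session record in place, beside one that destroys it, with a regression check that repeats a request after logout. The class, the function names and the sample URL are assumptions made for illustration.

```python
import secrets


class SessionStore:
    """Server-side session table: token -> username (in-memory, illustrative)."""

    def __init__(self):
        self._sessions = {}

    def login(self, username):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token  # delivered to the browser as the session cookie

    def authenticate(self, token):
        """Return the username for a live session, or None."""
        return self._sessions.get(token)

    def logout_weak(self, token):
        # Flawed: the user is shown a "logged out" page, but the token is
        # still in the table, so the cookie keeps working until it is gone.
        return "logged out"

    def logout_fixed(self, token):
        # Corrected: destroy the server-side record so the cookie is worthless.
        self._sessions.pop(token, None)
        return "logged out"


def admin_page(store, token, url):
    """Hypothetical admin handler: access depends only on the session token."""
    user = store.authenticate(token)
    return (200, f"{url} for {user}") if user else (403, "login required")


def replay_after_logout(logout_name):
    """Log in, open an admin URL, log out, request the same URL again."""
    store = SessionStore()
    cookie = store.login("paul")
    url = "/admin/ftp-accounts?k=constructed"  # constructed sample URL
    assert admin_page(store, cookie, url)[0] == 200
    getattr(store, logout_name)(cookie)
    return admin_page(store, cookie, url)[0]


if __name__ == "__main__":
    print("weak logout, status after logout:", replay_after_logout("logout_weak"))
    print("fixed logout, status after logout:", replay_after_logout("logout_fixed"))
```

The same check can be kept as a regression test for a logout handler: any status other than a refusal after logout means the session was not invalidated on the server.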

All times are GMT + 2 Hours