Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ColdFusion - CFID & CFTOKEN

from [ron thigpen] Network Security [Permanent Link]
Subject: Re: ColdFusion - CFID & CFTOKEN
Date: Wed, 11 May 2005 12:15:44 -0400
Jason binger wrote: 
I am currently doing some work with CF MX 6.1 and was
wondering if anyone had some information on the
strength of the CF cookie implementation.


More information here:
<http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_18133>

Article describes a method for generating UUIDs for use as CFTOKEN values. It is also intimated that the code for generating standard (non-UUID) CFTOKEN values has changed in the MX release.

Seems it would be worth taking a new look at these standard CFTOKEN values from an MX install to see if they still follow the pattern indicated in Amit's paper.

--rt

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ColdFusion - CFID & CFTOKEN, ron thigpen
Next by Date:  New Free Tool - Foundstone CookieDigger, Curphey, Mark
Previous by Thread:  Re: ColdFusion - CFID & CFTOKEN, ron thigpen
Next by Thread:  Re: ColdFusion - CFID & CFTOKEN, leighm
Indexes:  [Date] [Thread] [Top] [All Lists]