Re: Session Id Collisions

From: Yasuo Ohgaki Date: Mon, 05 Aug 2013 18:46:51 +0000

Subject: Re: Session Id Collisions

References: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Groups: php.internals

Request: Send a blank email to internals+get-68387@lists.php.net to get a copy of this message

Hi Arpad,

On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray <arraypad@gmail.com> wrote:

>  I think there really should be a vote.


This means you don't really understand the true risk of this vulnerability.
It allows permanent session ID fixation. This is CVE assigned vulnerability.
Details are explained in the RFC and I don't want to explain fully in ML
again.
(We might discussed the details in security@php.net, but I think I wrote
enough info)

Please refer to the RFC.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

Thread (37 messages)

Raymond IrvingThu, 23 Aug 2012 04:48:12 +0000
Rasmus LerdorfThu, 23 Aug 2012 15:03:32 +0000
Raymond IrvingThu, 23 Aug 2012 15:26:14 +0000
Sherif RamadanThu, 23 Aug 2012 15:53:28 +0000
Yasuo OhgakiSat, 25 Aug 2012 02:47:16 +0000
Ferenc KovacsSat, 25 Aug 2012 16:40:05 +0000
Yasuo OhgakiSat, 25 Aug 2012 22:02:29 +0000
Stas MalyshevSun, 26 Aug 2012 08:57:30 +0000
Yasuo OhgakiSun, 26 Aug 2012 20:49:20 +0000
Stas MalyshevSun, 26 Aug 2012 07:37:45 +0000
Yasuo OhgakiSun, 26 Aug 2012 20:55:40 +0000
Stas MalyshevSun, 26 Aug 2012 21:30:29 +0000
Yasuo OhgakiSun, 26 Aug 2012 21:33:25 +0000
Yasuo OhgakiSun, 26 Aug 2012 21:31:25 +0000
Stas MalyshevSun, 26 Aug 2012 21:35:06 +0000
Yasuo OhgakiSun, 26 Aug 2012 21:36:52 +0000
Yasuo OhgakiMon, 24 Dec 2012 06:32:17 +0000
Yasuo OhgakiThu, 27 Jun 2013 00:36:24 +0000
Arpad RayThu, 27 Jun 2013 09:02:53 +0000
Yasuo OhgakiThu, 27 Jun 2013 10:51:42 +0000
Stas MalyshevMon, 05 Aug 2013 00:15:43 +0000
Stas MalyshevMon, 05 Aug 2013 00:45:30 +0000
Yasuo OhgakiMon, 05 Aug 2013 01:01:31 +0000
Arpad RayMon, 05 Aug 2013 09:22:45 +0000
Yasuo OhgakiMon, 05 Aug 2013 09:50:16 +0000
Arpad RayMon, 05 Aug 2013 10:05:15 +0000
Yasuo OhgakiMon, 05 Aug 2013 10:10:14 +0000
Arpad RayMon, 05 Aug 2013 10:26:58 +0000
Yasuo OhgakiMon, 05 Aug 2013 10:38:42 +0000
Arpad RayMon, 05 Aug 2013 16:04:53 +0000
Yasuo OhgakiMon, 05 Aug 2013 18:46:51 +0000
Arpad RayMon, 05 Aug 2013 19:17:10 +0000
Stas MalyshevMon, 05 Aug 2013 19:23:33 +0000
Arpad RayMon, 05 Aug 2013 19:33:35 +0000
Yasuo OhgakiMon, 05 Aug 2013 19:57:40 +0000
Yasuo OhgakiMon, 05 Aug 2013 19:41:29 +0000
Stas MalyshevFri, 28 Jun 2013 21:06:59 +0000

« previous	php.internals (#68387)	next »

From:	Yasuo Ohgaki	Date:	Mon, 05 Aug 2013 18:46:51 +0000
Subject:	Re: Session Id Collisions
References:	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20	Groups:	php.internals
Request:	Send a blank email to internals+get-68387@lists.php.net to get a copy of this message