开发者

Penetration testers say that the .ASPXAUTH cookie is insecure and is displaying session data?

开发者 https://www.devze.com 2023-01-08 00:10 出处:网络
I thought the .ASPXAUTH was for user authentication? Can anyone confirm if this cookie is indeed a security risk and/or contains session information? Is it even suppose to be used or开发者_高级运维 is

I thought the .ASPXAUTH was for user authentication? Can anyone confirm if this cookie is indeed a security risk and/or contains session information? Is it even suppose to be used or开发者_高级运维 is it some debug thing?


I think you have run into some comments that have to do with Forms Authentication security. You can find more info here: http://visualstudiomagazine.com/articles/2010/09/14/aspnet-security-hack.aspx

What it boils down to is that a clever hacker can discover the machine key used to encrypt the cookeis and create their own forged auth cookies.

0

精彩评论

暂无评论...
验证码 换一张
取 消