[Instead of using SSL-secure cookies] A second method of setting an authenticator … The problem with this method is that it … to another, the Web browser usually sends the … [sic] header … [and] the server will receive a copy of … This can be exploited via a cross-site scripting … [www.cert.org/advisories/CA-2000-02.html]. An adversary can cause a user to execute arbitrary code … to a link of the adversary's choosing. If … may include the authenticator … Worse, the link could point to the adversary's …
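The leak the passage describes, as an added example that is not from the quoted paper: a browser following an off-site link attaches the current page URL as the Referer header, so an authenticator carried in the URL reaches the third party. The detector below scans constructed outbound request records for that pattern; the parameter names in AUTH_PARAMS and the sample hosts are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Query parameter names assumed to carry an authenticator (assumption).
AUTH_PARAMS = {"auth", "sessionid", "token"}


def authenticator_in_url(url: str) -> dict[str, list[str]]:
    """Return the query parameters of `url` whose names look like authenticators."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v for k, v in qs.items() if k.lower() in AUTH_PARAMS}


def referer_leaks(requests: list[dict]) -> list[dict]:
    """Flag requests whose Referer carries an authenticator to a different host.

    Each record is {"url": <request target>, "referer": <Referer header or None>}.
    Same-host referers are not flagged: the server receiving them already holds
    the authenticator, so only cross-host transfers count as a leak here.
    """
    leaks = []
    for req in requests:
        ref = req.get("referer")
        if not ref:
            continue
        found = authenticator_in_url(ref)
        if not found:
            continue
        if urlsplit(ref).hostname != urlsplit(req["url"]).hostname:
            leaks.append({"to": req["url"], "from": ref, "params": sorted(found)})
    return leaks


# Constructed outbound requests, as a browser would emit them after logging
# in to a site that keeps the authenticator in the URL.
SAMPLE_REQUESTS = [
    {"url": "https://www.example.com/inbox",
     "referer": "https://www.example.com/login?auth=SECRET-TOKEN"},
    {"url": "https://attacker.example/pixel.gif",
     "referer": "https://www.example.com/inbox?auth=SECRET-TOKEN"},
    {"url": "https://cdn.example.net/logo.png",
     "referer": "https://www.example.com/inbox"},
]

if __name__ == "__main__":
    for leak in referer_leaks(SAMPLE_REQUESTS):
        print(f"authenticator {leak['params']} leaked to {leak['to']} via Referer {leak['from']}")
```

The same check can be run over proxy or web-server access logs that record the Referer header; the cookie-based alternative the passage prefers avoids the problem because cookies are never copied into Referer.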