Boursorama.com cookie exploit

From: Eyrill / Securiteinfo.com (commercial@securiteinfo.com)
Date: 04/01/02 

From: "Eyrill / Securiteinfo.com" <commercial@securiteinfo.com>
To: "Scrap" <webmaster@securiteinfo.com>
Date: Mon, 1 Apr 2002 02:08:40 +0200

Boursorama.com cookie exploit

.oO Overview Oo.
Boursorama.com stores usernames and passwords in clear text cookies
Discovered on 09/02/2002
Vendor: http://www.boursorama.com

.oO Summary Oo.
Boursorama is the french leader of stock market information. This financial
site
dedicated to providing the most up-to-the-minute stock quotes from France
and from
other international markets. The stock information is provided by multiple
databases
from companies (balances, forecasts, news) and by market commentaries 24
hours a day.
Boursorama offers personalized services including: email, budget management,
and forums.
These services are based on login/password authentification, stores in a
cookie.
The login and password are stored in clear text.

.oO Details Oo.
This is part of the boursorama cookie :

...Some crap here...
*
log
my_login
boursorama.com/
0
1777520896b
29827774
2580969488
29460647
*
pass
my_password
boursorama.com/
...Some crap here...

In this example, my_login and my_password are the login and password in
clear text.
Retrieving the cookie is possible to anyone with access to the cookies.txt
file,
or man-in-the-middle attack, but several browser vulnerabilities allow
remote sites
to retrieve cookies that were not planted by them. This enables malicious
web site
operators to 'steal' the Boursorama cookie, effectively retrieving the
username
and password.

.oO Exploit Oo.
An exploit has been made in Visual Basic, and can be downloaded at
http://www.securiteinfo.com/download/boursorama.zip. This program search the
cookie
on the disk drive, and, if found, print the login and password on the
screen.

.oO Solution Oo.
The solution is to use strong crypto to encrypt the login and password
stored in the cookie.
The vendor has been informed and has solved the problem.

.oO Discovered by Oo.
Arnaud Jacques
webmaster@securiteinfo.com
http://www.securiteinfo.com

Relevant Pages

  • Netegrity SiteMinder Affiliate Agent Cookie Overflow
    ... Netegrity SiteMinder Affiliate Agent Cookie ... Vendor Status: Vendor has patch available ... CVE Candidate: CAN-2004-0425 SiteMinder Affiliate Agent Cookie ...
    (Bugtraq)
  • [VulnWatch] Netegrity SiteMinder Affiliate Agent Cookie Overflow
    ... Netegrity SiteMinder Affiliate Agent Cookie ... Vendor Status: Vendor has patch available ... CVE Candidate: CAN-2004-0425 SiteMinder Affiliate Agent Cookie ...
    (VulnWatch)
  • Re: Cookies Expiring due to different time zones.
    ... post to your aspx login, sending the cookie's date in a hidden field ... set the aspx login cookie using the date/time in the hidden field ... This is the code I am using to create the ticket, ... Your problem is that you're using an extremely short time for the cookie expiration. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Netegrity SiteMinder Affiliate Agent Cookie Overflow
    ... Netegrity SiteMinder Affiliate Agent Cookie ... Vendor Status: Vendor has patch available ... CVE Candidate: CAN-2004-0425 SiteMinder Affiliate Agent Cookie ...
    (Bugtraq)
  • Re: Accessing and displaying SSL web pages and cookies from a windows form
    ... or LoadXML calls to urls on the website in order to get data or post data to ... first redirected to a SSL login page, if a particular cookie is not present, ... cookie is not present instead of getting the data. ... >> the data in the cookie and also not redirect to the login page. ...
    (microsoft.public.dotnet.languages.vb)
Loading