Comment 19 for bug 978896

Gabriel Hurley (gabriel-hurley) wrote :

Patch looks good to me.

As per the impact description, I'd word the last sentence as such: "Under specific circumstances it is possible to reuse session cookies from another user, potentially allowing access to unauthorized information and capabilities."

e.g. the attacker couldn't actually steal your password, but they could change it for you if you're an admin...