Re: Session Id Collisions

Date: Mon, 05 Aug 2013 18:46:51 +0000
Subject: Re: Session Id Collisions
Groups: php.internals

Hi Arpad,

On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray <[email protected]> wrote:

>  I think there really should be a vote.


This means you don't really understand the true risk of this vulnerability.
It allows permanent session ID fixation. This is a CVE-assigned vulnerability.
Details are explained in the RFC and I don't want to explain fully on the ML
again.
(We might have discussed the details in [email protected], but I think I wrote
enough info)

Please refer to the RFC.

Regards,

--
Yasuo Ohgaki
[email protected]

