by munchbunny
2398 days ago
From the site:

> While our analysis tool were not able to confirm that session cookies were sent as well, a long list of leaking cookies could mean that they would be.

Anyone in possession of those cookies can impersonate you on that website — i.e., access your account. I hadn't considered that before, but they're right, it's extremely easy to accidentally leak session cookies through first party subdomains. I look forward to the inevitable conference talks that will be discussing this vulnerability.