New HTTPS security flaw uncovered by researchers

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections.

Websites use session cookies to remember authenticated users. If an attacker gains access to a user's session cookie while the user is still authenticated to a website, the hacker could use it to access the user's account on that website.

HTTPS should prevent this type of session hijacking because it encrypts session cookies while in transit or when stored in the browser. However, the new attack, devised by security researchers Juliano Rizzo and Thai Duong, is able to decrypt them.

http://news.techworld.com/security/3379859/new-https-security-flaw-uncovered-by-researchers/?olo=rss
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top