Hi,


I am working on a web application and using SiteMinder for user authentication. I have to re-validate the user on the service by getting the username from SiteMinder.
So, in the service, I have created an HttpWebRequest to get the username as an HttpWebResponse from SiteMinder. All communication happens over HTTPS, and a secured cookie is used as well.
The above works fine.


Is there any security vulnerability for subdomains? We are storing SMSESSION in a cookie.

Cookies do not provide integrity guarantees for sibling domains (and their subdomains). For example, consider foo.example.com and bar.example.com. The foo.example.com server can set a cookie with a Domain attribute of “example.com” (possibly overwriting an existing “example.com” cookie set by bar.example.com), and the user agent will include that cookie in HTTP requests to bar.example.com. In the worst case, bar.example.com will be unable to distinguish this cookie from a cookie it set itself. The foo.example.com server might be able to leverage this ability to mount an attack against bar.example.com.

A cookie can contain a “secure” flag, indicating that it should be only sent over an HTTPS connection. Yet there is no corresponding flag to indicate how a cookie was set: attackers who act as a man-in-the-middle even temporarily on an HTTP session can inject cookies which will be attached to subsequent HTTPS connections.


I found this vulnerability online somewhere.
How can we resolve this issue?


Thanks,
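The two quoted paragraphs describe cookie behaviour that is easy to reason about once the user agent's storage and matching rules are written down. The following Python model is an added example, not code from the post or from SiteMinder: it implements the RFC 6265 domain-match and "same name, domain, path replaces" rules, then adds two later user-agent rules, the `__Host-` cookie prefix (cookie must be Secure, have no Domain attribute, and have Path=/, so it stays host-only) and the RFC 6265bis rule that a non-secure origin cannot set a Secure cookie. The host names `foo.example.com` / `bar.example.com` and the token values are constructed; whether the SMSESSION cookie itself can be renamed or scoped host-only is a SiteMinder configuration question the post does not answer, so the cookie names below are illustrative only.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Cookie:
    name: str
    value: str
    domain: str      # effective domain: the Domain attribute, or the setting host for host-only cookies
    host_only: bool
    path: str
    secure: bool
    http_only: bool


def parse_set_cookie(header: str, setting_host: str) -> Cookie:
    """Parse a Set-Cookie header value as received from setting_host (attributes we need only)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain, host_only, path, secure, http_only = setting_host.lower(), True, "/", False, False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "domain" and val.strip():
            domain, host_only = val.strip().lstrip(".").lower(), False
        elif key == "path":
            path = val.strip() or "/"
        elif key == "secure":
            secure = True
        elif key == "httponly":
            http_only = True
    return Cookie(name.strip(), value.strip(), domain, host_only, path, secure, http_only)


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching: equal, or a suffix on a label boundary."""
    request_host = request_host.lower()
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def store(jar: List[Cookie], header: str, setting_host: str, https: bool = True) -> bool:
    """Accept or reject a Set-Cookie the way a modern user agent does. Returns True if stored."""
    c = parse_set_cookie(header, setting_host)
    # A server may only set Domain to a domain that covers itself (RFC 6265 5.3 step 6).
    if not c.host_only and not domain_matches(setting_host, c.domain):
        return False
    # RFC 6265bis ("Leave Secure Cookies Alone"): a non-secure origin cannot set a Secure cookie.
    if c.secure and not https:
        return False
    # Cookie prefixes: __Host- requires Secure, no Domain attribute and Path=/, so it stays host-only.
    if c.name.startswith("__Host-") and not (c.secure and c.host_only and c.path == "/"):
        return False
    # Same name + domain + path replaces the stored cookie (RFC 6265 5.3 step 11).
    jar[:] = [x for x in jar if (x.name, x.domain, x.path) != (c.name, c.domain, c.path)]
    jar.append(c)
    return True


def cookies_for(jar: List[Cookie], host: str, https: bool = True) -> List[Cookie]:
    """Cookies a user agent would attach to a request for host (all cookies here use Path=/)."""
    out = []
    for c in jar:
        if c.secure and not https:
            continue
        matches = host.lower() == c.domain if c.host_only else domain_matches(host, c.domain)
        if matches:
            out.append(c)
    return out


def demo():
    # Scenario from the quoted text: two sibling hosts share the parent domain example.com.
    jar: List[Cookie] = []
    store(jar, "SMSESSION=legit-token; Domain=example.com; Path=/; Secure; HttpOnly", "bar.example.com")
    # The sibling host sets a cookie with the same name and Domain; it replaces bar's copy.
    store(jar, "SMSESSION=attacker-token; Domain=example.com; Path=/; Secure; HttpOnly", "foo.example.com")
    seen_by_bar = [c.value for c in cookies_for(jar, "bar.example.com") if c.name == "SMSESSION"]

    # Mitigation: a host-only cookie carrying the __Host- prefix.
    jar2: List[Cookie] = []
    store(jar2, "__Host-SMSESSION=legit-token; Path=/; Secure; HttpOnly", "bar.example.com")
    tossed = store(jar2, "__Host-SMSESSION=attacker-token; Domain=example.com; Path=/; Secure", "foo.example.com")
    store(jar2, "__Host-SMSESSION=attacker-token; Path=/; Secure", "foo.example.com")  # stays on foo only
    injected = store(jar2, "__Host-SMSESSION=attacker-token; Path=/; Secure", "bar.example.com", https=False)
    seen_by_bar2 = [c.value for c in cookies_for(jar2, "bar.example.com") if c.name == "__Host-SMSESSION"]
    return seen_by_bar, tossed, injected, seen_by_bar2


if __name__ == "__main__":
    print(demo())  # (['attacker-token'], False, False, ['legit-token'])
```

The first half of `demo()` reproduces the quoted problem: once the session cookie is scoped to `example.com`, any host under that domain can replace it and `bar.example.com` cannot tell the difference. The second half shows the usual fix on the cookie side, a host-only cookie with the `__Host-` prefix, which the user agent refuses to store when a Domain attribute is present or when it arrives over plain HTTP. Server-side re-validation of the token against SiteMinder, as the post already does, remains the other half of the defence, since a cookie scoped this way still has to be checked before it is trusted.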

