Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
The random number generated is used as a secret to append to a sequence and SHA to implement a CookieSigner. If this is attackable, then it's possible for an attacker to sign a cookie as if we had. We should fix this and use SecureRandom as a stronger random function .
HTTPAuthUtils has a similar issue. If that is attackable, an attacker might be able to create a similar cookie. Paired with the above issue with the CookieSigner, it could reasonably spoof a HS2 cookie.