Introduction to TLS v1.2

computer web network tls cryptography

Some notes about how TLS v1.2 (Transport Layer Security) works. The goal explain what is going on in a network traffic dump, the role of the different TLS extensions, the impact of the different cipher suites on security, etc. It includes several diagrams and many references.

Read more…

Cross-origin/same-site request forgery to RCE in chromedriver

computer security web vulnerability webdriver csrf

I found a cross-origin/same-site request forgery vulnerability in chromedriver. It was rejected (won't fix) because it is only possible to trigger this from the cross-origin/same-site and not cross-site. In practice, it means it is really only possible to trigger this from another localhost-bound web application.

Read more…

Remote Code Execution via Cross Site Request Forgery in InternetCube and YunoHost

computer web security yunohost csrf vulnerability advisory

How I found remote code execution vulnerabilities via Cross Site Request Forgery (CSRF) on the administration interfaces of InternetCube applications and of the YunoHost administration interface which could have been used to execute arbitrary code as root. These vulnerabilities were fixed in YunoHost 3.3, OpenVPN Client app 1.3.0. and YunoHost 3.4.

Read more…

Page 1 of 2 | | Next page | JSON Feed | Atom Feed