I never log myself out after a session, so I am normally logged in when I return to the forum. Today I visited the site and replied to a post; I then noticed that I was logged in as gabtech and posting under that name. I logged out and successfully logged in with my nic007 login. How did my live nic007 login status change to gabtech?
I don't completely understand this yet but I did find the following:
The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing a user to authenticate himself with that session ID, and then hijacking the user-validated session by the knowledge of the used session ID. The attacker has to provide a legitimate Web application session ID and try to make the victim's browser use it.
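The usual defence against the attack described in the quote above is to issue a fresh session ID at login and invalidate the pre-login one, as in this added example (not part of the original posts and not this forum software's code). The `SessionStore` class, its method names and the sample user are hypothetical, written in Python for illustration.

```python
import secrets


class SessionStore:
    """In-memory session table: session ID -> user (None means anonymous)."""

    def __init__(self, rotate_on_login=True):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}

    def new_session(self):
        # IDs are always generated server-side from a CSPRNG.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        # Never adopt an ID the server did not issue itself.
        if sid not in self.sessions:
            sid = self.new_session()
        if self.rotate_on_login:
            # The pre-login ID may be known to someone else: invalidate it
            # and bind the authenticated state to a fresh ID.
            del self.sessions[sid]
            sid = self.new_session()
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def pre_login_id_becomes_authenticated(store, user="alice"):
    """True if an ID issued before login ends up mapped to the logged-in user."""
    pre_login_sid = store.new_session()      # ID that existed before login
    post_login_sid = store.login(pre_login_sid, user)
    if store.whoami(post_login_sid) != user:
        raise RuntimeError("login did not bind the user to the returned ID")
    return store.whoami(pre_login_sid) == user


if __name__ == "__main__":
    # Constructed scenario: same flow with and without ID rotation.
    print("no rotation:", pre_login_id_becomes_authenticated(SessionStore(False)))
    print("rotation:   ", pre_login_id_becomes_authenticated(SessionStore(True)))
```

Without rotation the ID that existed before login is the authenticated one afterwards; with rotation it maps to nobody.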