Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes (portswigger.net)
2 points by todsacerdoti 4 months ago | hide | past | favorite | 1 comment


That’s clever! Disappointing response from Django if that means they’re not going to fix it… I could understand it being outside the scope of their official vulnerability classification/process/whatever, but it’s still a clear correctness bug.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: