Wednesday, 17 December 2014

Is HTTPS redirecting to HTTP a vulnerability?



Let's say a user is authenticated, and the entire account authentication process happened under secure HTTPS.


Upon successful login, the user is redirected back to the homepage. However, the homepage contains links within the website which do not have SSL enabled - basic HTTP.


For example:

  1. https://example.com
  2. http://ift.tt/1fgPI2v
  3. https://example.com
  4. http://ift.tt/1wthS5q (no SSL)




Is this a security vulnerability, and if so, what severity? If not, why? Aren't the cookies unsafe when going from HTTPS to HTTP?
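An added example, not part of the original question: a small audit that takes the `Set-Cookie` headers issued at login and the links on the post-login page, and reports which cookies a browser would attach to each plain-HTTP link because they lack the `Secure` attribute. The header values, links and function names are constructed for illustration, and the matching is a simplified form of the RFC 6265 rules (no expiry, `SameSite` or public-suffix handling).

```python
from urllib.parse import urlsplit

def parse_set_cookie(header, origin_host):
    """Parse one Set-Cookie value; keep only the fields that decide sending."""
    first, *attrs = [p.strip() for p in header.split(";")]
    cookie = {"name": first.partition("=")[0], "secure": False,
              "domain": origin_host.lower(), "host_only": True, "path": "/"}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "secure":
            cookie["secure"] = True
        elif key == "domain" and val:
            # A Domain attribute widens the cookie to subdomains as well.
            cookie["domain"], cookie["host_only"] = val.lstrip(".").lower(), False
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
    return cookie

def would_send(cookie, url):
    """Simplified RFC 6265 matching: Secure flag, then domain, then path."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path or "/"
    if cookie["secure"] and parts.scheme != "https":
        return False  # Secure cookies never travel over plain HTTP
    if host != cookie["domain"]:
        if cookie["host_only"] or not host.endswith("." + cookie["domain"]):
            return False
    cpath = cookie["path"]
    return path == cpath or path.startswith(cpath.rstrip("/") + "/")

def cleartext_exposure(set_cookie_headers, origin_host, links):
    """Map each plain-HTTP link to the cookie names a browser would attach."""
    cookies = [parse_set_cookie(h, origin_host) for h in set_cookie_headers]
    report = {u: [c["name"] for c in cookies if would_send(c, u)]
              for u in links if urlsplit(u).scheme == "http"}
    return {u: names for u, names in report.items() if names}

# Constructed sample data (assumptions, not taken from the page).
SET_COOKIES = [
    "session=abc123; Path=/; HttpOnly",        # no Secure attribute
    "csrf=def456; Path=/; Secure",             # HTTPS only
    "prefs=dark; Domain=example.com; Path=/",  # no Secure, covers subdomains
]
LINKS = ["https://example.com/", "http://example.com/news",
         "https://example.com/account", "http://static.example.com/help"]
print(cleartext_exposure(SET_COOKIES, "example.com", LINKS))
```

An empty report means every cookie set at login carries `Secure`, so none of them is sent when one of the HTTP links is followed.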




