this post was submitted on 19 Oct 2024
3 points (100.0% liked)

Infosec News

113 readers
60 users here now

A community posting Cybersecurity related articles.

founded 1 week ago
MODERATORS
[email protected]
sv1sjp
3
Best Practices to Configure BIG-IP LTM Systems to Encrypt HTTP Persistence Cookies (www.cisa.gov)
submitted 3 days ago by [email protected] to c/[email protected]
1 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] solrize 1 points 3 days ago

This is about some kind of firewall appliance that proxies http connections to devices on the inside. I didn't examine the attack in detail but it sounds like it's possible to modify unencrypted http cookies to enumerate device on the inside. Some kind of reflection attack? Or is the firewall creating it's own cookes that are malleable? Anyway the post is legit but most of us aren't using these.