PHP Session IDs Can Be Guessed

Security expert Andreas Bogk warns that the session IDs of users logged into PHP implementations remain guessable. Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts. Researchers urge developers to ban PHP SuperGlobal variables in applications. These variables are wide open to remote code execution, remote file inclusion and security bypasses. A flaw in the EMV protocol, which lays out the rules for chip-and-PIN card transactions at ATMs and point-of-sale terminals, could enable persistent attackers to carry out bogus card transactions.

Source: https://threatpost.com/php-session-ids-can-be-guessed-033010/73759/
