Gmail vulnerability via cookies

wittaj

wittaj

IPCT Contributor
Apr 28, 2019
32,773
62,730
USA
It is always something...

This method doesn't need your password or two-factor authentication codes to infiltrate your account, leaving many users vulnerable. The hackers are exploiting a weakness in "session cookies," the small files that keep you logged into websites. By stealing these cookies, criminals can effectively clone your login session and gain full access to your digital life.

When you click 'Remember this device' during login, the site issues a persistent session cookie that keeps you logged in.

Hacking via cookies.
 
  • Like
Reactions: JDreaming and bigredfish
That is nothing new. Hackers have been stealing authenticated sessions for a long time, in all manner of web products. It does not require you to check a "remember me" box or anything like that (although using such features CAN provide the hacker with a longer-lasting session token).

The key thing to realize is, in order to do any of this, the hacker needs to be running their malware ON YOUR COMPUTER outside of the browser sandbox where javascript execution is normally confined. At that point, you're already screwed because they're probably installing a backdoor and ransomware on there too.
 
  • Like
Reactions: bigredfish, BobbyArcher and JDreaming
You must log in or register to reply here.
Top Bottom