
Fun stuff. Serious question though: if you know the cookie signing key, can't you just mint yourself an admin session? Is the YAML vuln required to exploit this issue?



I suspect no: you can sign cookies, but hopefully the cookie only carries a session identifier. You'd still need to obtain a valid admin session.
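The distinction drawn in the reply above, shown as an added example that is not part of the thread or the application it discusses: a signed cookie that carries only a session identifier, next to one that carries the role itself. The key, the in-memory `SESSIONS` store, the cookie formats and every function name are constructed assumptions for illustration.

```python
import hashlib
import hmac
import secrets

SIGNING_KEY = b"constructed-demo-key"  # constructed value, illustration only
SESSIONS = {}  # server-side store: session id -> session data

def sign(value: str, key: bytes = SIGNING_KEY) -> str:
    """Return 'value.signature' using HMAC-SHA256."""
    mac = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"

def unsign(cookie: str, key: bytes = SIGNING_KEY):
    """Return the signed value, or None if the signature does not verify."""
    value, _, mac = cookie.rpartition(".")
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac, expected) else None

def login(user: str, role: str) -> str:
    """Create a server-side session and return the signed session-id cookie."""
    sid = secrets.token_urlsafe(32)  # 256 random bits, not guessable
    SESSIONS[sid] = {"user": user, "role": role}
    return sign(sid)

def role_from_session_cookie(cookie: str):
    """Design A: cookie holds only an identifier; the role lives on the server."""
    sid = unsign(cookie)
    session = SESSIONS.get(sid) if sid is not None else None
    return session["role"] if session else None

def role_from_state_cookie(cookie: str):
    """Design B: cookie holds the role; the signature is the only control."""
    value = unsign(cookie)
    if value is None:
        return None
    fields = dict(p.split("=", 1) for p in value.split(";") if "=" in p)
    return fields.get("role")

def demo():
    """Compare what a correctly signed cookie is worth under each design."""
    admin_cookie = login("alice", "admin")
    minted_id = sign(secrets.token_urlsafe(32))      # valid MAC, unknown id
    minted_state = sign("user=mallory;role=admin")   # valid MAC, role in cookie
    return (
        role_from_session_cookie(admin_cookie),  # "admin": real session
        role_from_session_cookie(minted_id),     # None: no such session
        role_from_state_cookie(minted_state),    # "admin": key alone suffices
    )
```

Under design A the signing key is one layer on top of an unguessable server-side identifier; under design B it is the whole authorization decision, so key exposure has to be treated as full session compromise.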



