Use crypto:rand_bytes() instead of the cryptographically weak random module.

Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cookies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that use the yaws_session_server to maintain cookie based HTTP sessions.
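The difference the commit message describes, as an added example that is not part of the commit or of the yaws code base: ids drawn from a seedable PRNG repeat exactly when the generator state is known, while ids drawn from the OS CSPRNG do not. The module and function names and the seed are hypothetical, the stdlib `rand` module stands in for the older `random` module, and `crypto:strong_rand_bytes/1` is used because `crypto:rand_bytes/1` was removed from later OTP releases.

```erlang
-module(session_id_example).
-export([weak_ids/2, strong_id/0, demo/0]).

%% Weak pattern: session ids drawn from a seedable, non-cryptographic PRNG.
%% Every id is a pure function of the generator state, so the whole
%% sequence is fixed once that state is known.
weak_ids(Seed, Count) ->
    State0 = rand:seed_s(exsss, Seed),
    {Ids, _Final} = lists:mapfoldl(
        fun(_, State) ->
            {N, Next} = rand:uniform_s(16#ffffffff, State),
            {integer_to_list(N), Next}
        end,
        State0,
        lists:seq(1, Count)),
    Ids.

%% Hardened pattern: 128 bits from the OS CSPRNG, hex encoded for a cookie.
strong_id() ->
    Bytes = crypto:strong_rand_bytes(16),
    lists:flatten([io_lib:format("~2.16.0b", [B]) || <<B>> <= Bytes]).

demo() ->
    Seed = {101, 202, 303},            % constructed sample seed
    Issued = weak_ids(Seed, 3),        % what a server would hand out
    Replayed = weak_ids(Seed, 3),      % same state, regenerated elsewhere
    true = (Issued =:= Replayed),      % identical sequence: predictable
    true = (strong_id() =/= strong_id()),
    io:format("weak ids repeat: ~p~nstrong id: ~s~n", [Issued, strong_id()]),
    ok.
```

Compile with `erlc session_id_example.erl` and call `session_id_example:demo().` from an Erlang shell.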