Why is it so easy to steal someone else's firefox cookies?

M

martensit2019-08-27 15:29:18

Information Security

martensit, 2019-08-27 15:29:18

Did a little experiment.
Yes - 1) Home computer with Windows 7
2) Server with Windows Server 2012 r2
Installed there and there the latest version of firefox (off site).
What I did: I copied 1 file (cookies.sqlite) from the firefox directory from my home computer to the server's firefox directory.
As a result, on the server in the browser, I was logged in under my accounts everywhere.
There is nothing in common between a server and a home computer.
How could this happen at all?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

L

Lynn "Coffee Man", 2019-08-27
@martensit

Em? What did you expect?
And in general, physical access to a computer is never “easy” from the point of view of information security.
UPD: Official position of Chrome. It is quite applicable to any other browsers and applications in general.
https://dev.chromium.org/Home/chromium-security/se...
[...]
We consider these attacks outside Chrome's threat model , because there is no way for Chrome (or any application ) to defend against a malicious user who has managed to log into your computer as you, or who can run software with the privileges of your operating system user account.