Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories

Severity

Moderately severe

Problem description

Input names can contain line breaks when data is sent using POST. Suitable use of the random number generator can reveal predictable boundaries that will be used when sending the POST data. These can be combined to add extra boundaries into the data, containing payloads that may confuse the receiving server or be used for XSRF.

Suitable monitoring of the change in the state of the random number generator before and after loading other pages, might reveal which scripts have been executed and thus the user’s login status.

Opera’s response

Opera Software has released Opera 9.64 where this issue has been fixed.

Credits

Thanks to Amit Klein for reporting this issue to Opera Software.