CloudBleed: Guess What? There was 0-day protection
Published Feb 27, 2017
Version 1.0
Great article and write up. Presumably then when this is encrypted client side, the appropriate decryption happens within Websafe?
I am curious about this with regards to how it is set up for specific web apps. Would it be correct to say that the device needs to be told about all such fields?
Also, does this fully mitigate all issues noted with Cloudbleed? As in, we can see that clearly it can prevent the clear text caching of credentials, but this is only a small part of the issue... Can you tell Websafe about session cookies, and does it mitigate session hijacking in the same way and prevent replay with randomisation?
Thanks :)