[VIM] WebAPP Audit

security curmudgeon jericho at attrition.org
Tue Mar 20 11:01:38 UTC 2007

As most of you may have noticed, WebAPP has gone under a fairly heavy 
audit and the changelog for


Shortly after, was released saying: "WebAPP had security audits 
done by professionals, and several previously uncovered major security 
issues were found, along with some more minor things that can negatively 
impact security." They aren't releasing details yet to give web sites a 
chance to upgrade.

Shortly after that, they released a patch to fix a remote cookie 
manipulation based attack that can let a remote attacker take over the 
admin account:


I'm a bit curious who the 'professionals' were that did the audit leading 
to and the details of the subsequent exploit.

More information about the VIM mailing list