From Kyle Benson: a servlet filter to remove PS_TOKEN from the response cookie: One option is to simply disable the PS_TOKEN, and therefore prevent this vulnerability altogether! The problem is, PeopleSoft does not give us the option to disable it. I decided to come up with a proof of concept… Read More »PSEatCookies

Limit PeopleSoft Vulnerabilities

Last week a presentation at Hack in the Box, “Oracle PeopleSoft Applications are Under Attack”, focused on vulnerabilities in PeopleSoft applications. The presentation showed a number of ways that hackers could get access to a system. While some of the issues need to be fixed by Oracle (like poor encryption),… Read More »Limit PeopleSoft Vulnerabilities