View Issue Details

IDProjectCategoryView StatusLast Update
0002008XdebugStep Debuggingpublic2021-10-04 09:32
Reporterderick Assigned Toderick  
PriorityurgentSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version3.1dev 
Target Version3.1devFixed in Version3.1.0 
Summary0002008: Using the XDEBUG_SESSION cookie could bypass shared-secret checks
Description

Xdebug 3.1 adds support for multi-value shared secrets. During the implementation of this, a check was inadvertently dropped to match the XDEBUG_SESSION cookie, as set through browser extensions to activate Xdebug's debugger, against this shared secret. This never made it into a release.

TagsNo tags attached.
Operating System
PHP Version8.0.0-8.0.4

Activities

Issue History

Date Modified Username Field Change
2021-08-18 09:04 derick New Issue
2021-08-18 09:48 derick Note Added: 0005984
2021-08-18 12:23 derick Assigned To => derick
2021-08-18 12:23 derick Status new => closed
2021-08-18 12:23 derick Resolution open => fixed
2021-08-18 12:23 derick Fixed in Version => 3.1dev
2021-09-05 16:15 derick Fixed in Version 3.1dev => 3.1.0beta1
2021-10-04 09:32 derick Fixed in Version 3.1.0beta1 => 3.1.0