Session doesn't expire after login
Unknown
Vulnerability Details
Hi,
I don't know if it is a valid vulnerability under your program, but I found it.
An attacker can use the victim's cookie to log in to the user's account again.
Steps
=====
1) Login as user
2) Copy the cookie; you may use the http://www.editthiscookie.com add-on to edit cookies.
3) Log out and delete the cookie.
4) Now, as an attacker, paste the copied cookie and see that you are logged in to the victim's account.
If you need more information, I'll make a video PoC of it.
Thanks
Happy to help :)
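
A regression check for the behaviour reported above, as an added example that is not part of the original report or the affected program's code. It assumes the application keeps sessions in a server-side table keyed by the cookie value; `SessionStore`, its method names and `replay_after_logout` are hypothetical.

```python
import secrets


class SessionStore:
    """Hypothetical server-side session table: session id -> username."""

    def __init__(self):
        self._sessions = {}

    def login(self, username):
        sid = secrets.token_urlsafe(32)  # unguessable id sent as the cookie value
        self._sessions[sid] = username
        return sid

    def authenticate(self, cookie_value):
        """Return the username for a presented cookie, or None."""
        return self._sessions.get(cookie_value)

    def logout_client_only(self, cookie_value):
        # Weak: the response only tells the browser to drop its cookie.
        # The server-side record survives, so a saved copy still works.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout_invalidate(self, cookie_value):
        # Fixed: delete the server-side record too, so the old value
        # authenticates nobody even if a copy was kept.
        self._sessions.pop(cookie_value, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def replay_after_logout(logout_method_name):
    """Follow the report's four steps; return who the copied cookie logs in as."""
    store = SessionStore()
    cookie = store.login("victim")               # step 1: log in
    copied = cookie                              # step 2: copy the cookie
    getattr(store, logout_method_name)(cookie)   # step 3: log out
    return store.authenticate(copied)            # step 4: present the copy


if __name__ == "__main__":
    print("client-only logout:", replay_after_logout("logout_client_only"))
    print("server-side invalidation:", replay_after_logout("logout_invalidate"))
```

The same four-step check can be kept as an automated test against a real logout endpoint: after logout, a request carrying the old cookie value should be treated as unauthenticated.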
Report Stats
- Report ID: 147388
- State: Closed
- Substate: resolved
- Upvotes: 4