Cookies are not cleared from Server side on Logout

Disclosed: 2017-05-09 17:50:25 By rajauzairabdullah To mavenlink

Unknown

Vulnerability Details

i logged out from my account after using it and then clicked on back i found my account logged in.Cookies are not handled well on logged out.I saw that cookie is not expired. If the hacker gets victim's cookie, the hacker can use it for a pretty good time period. Best Regardz RajaUzairAbdullah @UzaiRaja

Actions

View on HackerOne

Report Stats

Report ID: 21172
State: Closed
Substate: duplicate
Upvotes: 4

Cookies are not cleared from Server side on Logout

Vulnerability Details

Actions

Report Stats

Share this report