Value of JSESSIONID and XSRF token parameter in cookie remains same before and after login

Disclosed: 2014-05-14 21:58:04 By shahmeer-amir To relateiq
Unknown
Vulnerability Details
Here are two identical values captured by intercepting the request; the values of JSESSIONID and XSRF remain the same before and after login:

JSESSIONID=m8u0pm8mjvckm1ya8da4oqlfb0pd34iw38lr; XSRF-TOKEN=6B025F41D13BC02E9D658409BAC23F84;

This could lead to further threats such as session hijacking, etc.
Report Stats
  • Report ID: 2421
  • State: Closed
  • Substate: resolved
  • Upvotes: 4
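
Added example, not part of the report and not RelateIQ's code: a login that keeps its identifiers, as the report describes, next to one that rotates them, plus a check that compares the Cookie header before and after login. SessionStore, its methods, audit and the user "alice" are hypothetical names constructed for illustration; only the cookie names come from the report.

```python
import secrets

SESSION_COOKIES = ("JSESSIONID", "XSRF-TOKEN")  # cookie names from the report

def parse_cookie_header(header):
    """Parse a 'name=value; name=value;' Cookie header into a dict."""
    pairs = (p.strip().partition("=") for p in header.split(";") if p.strip())
    return {name: value for name, _, value in pairs}

def unrotated(before, after, names=SESSION_COOKIES):
    """Names whose value is identical in the pre- and post-login headers."""
    b, a = parse_cookie_header(before), parse_cookie_header(after)
    return [n for n in names if n in b and b[n] == a.get(n)]

class SessionStore:
    """Hypothetical in-memory session store, constructed for this example."""
    def __init__(self):
        self.sessions = {}

    def create(self, user=None):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "xsrf": secrets.token_hex(16)}
        return sid

    def login_keep_ids(self, sid, user):
        # Behaviour the report describes: same identifiers after login.
        self.sessions[sid]["user"] = user
        return sid

    def login_rotate_ids(self, sid, user):
        # Hardened: invalidate the pre-login session, issue fresh values.
        self.sessions.pop(sid, None)
        return self.create(user)

    def cookie_header(self, sid):
        return f"JSESSIONID={sid}; XSRF-TOKEN={self.sessions[sid]['xsrf']};"

    def user_for(self, sid):
        session = self.sessions.get(sid)
        return session["user"] if session else None

def audit(login_name):
    """Run one login flow; return (unrotated names, user bound to old id)."""
    store = SessionStore()
    old = store.create()
    before = store.cookie_header(old)
    new = getattr(store, login_name)(old, "alice")
    return unrotated(before, store.cookie_header(new)), store.user_for(old)
```

With login_keep_ids the pre-login identifier ends up bound to the authenticated user; with login_rotate_ids it resolves to no session at all.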