Closed
Bug 1146429
Opened 11 years ago
Closed 11 years ago
Addons Firefox Web application Session Hijacking via Cookie replay
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 961775
People
(Reporter: shahmeerbond, Unassigned)
Details
(Keywords: sec-moderate)
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150323004010
Steps to reproduce:
Hello there
Steps to reproduce
Login using https://addons.mozilla.org/en-US/firefox/users/login?to=%2Fen-US%2Ffirefox%2F
Intercept request and capture the cookies,
Replay the cookies after logging out
Actual results:
I was logged in using the same cookies, after logging out, Using the same cookies
Expected results:
The cookies should have been invalidated
|
||
Updated•11 years ago
|
Group: core-security → client-services-security
Component: Untriaged → Public Pages
Product: Firefox → addons.mozilla.org
Version: 38 Branch → unspecified
|
|
||
Comment 1•11 years ago
|
||
The site uses https. How would a third-party intercept the cookies?
Flags: needinfo?(shahmeerbond)
|
Reporter | |
Comment 2•11 years ago
|
||
Yes i agree there is no way to intercept cookies, But still there is a chance that the cookies can be hijacked in which can be reused to gain access to the session
Flags: needinfo?(shahmeerbond)
|
||
Updated•11 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
|
||
Updated•10 years ago
|
Keywords: sec-moderate
|
|
Reporter | |
Comment 4•10 years ago
|
||
Bounty?
|
||
Updated•10 years ago
|
Group: client-services-security
|
Assignee | |
Updated•10 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•