Addons Firefox Web application Session Hijacking via Cookie replay

RESOLVED DUPLICATE of bug 961775

Status

addons.mozilla.org Graveyard
Public Pages
3 years ago
2 years ago

People

(Reporter: Muhammad Shahmeer, Unassigned)

Tracking

({sec-moderate})

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150323004010

Steps to reproduce:

Hello there
Steps to reproduce
Login using https://addons.mozilla.org/en-US/firefox/users/login?to=%2Fen-US%2Ffirefox%2F

Intercept the request and capture the cookies.
Replay the cookies after logging out.


Actual results:

I was logged in using the same cookies after logging out.


Expected results:

The cookies should have been invalidated.
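
The expected result above, as an added example that is not part of the original report and is not addons.mozilla.org code: a logout that only clears the browser's cookie leaves a previously captured copy valid, while a logout that deletes the server-side session rejects it. The class names, the signing scheme and the user `alice` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # constructed signing key for this demo


class StatelessSessions:
    """Cookie is 'user.signature'; the server keeps no record of it."""

    def login(self, user):
        sig = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
        return f"{user}.{sig}"

    def logout(self, cookie):
        # Only the browser would be told to drop its copy here;
        # nothing on the server changes, so an earlier copy still verifies.
        return None

    def authenticate(self, cookie):
        user, _, sig = cookie.rpartition(".")
        good = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
        return user if hmac.compare_digest(sig, good) else None


class ServerSideSessions:
    """Cookie is a random id; the session itself lives in a server store."""

    def __init__(self):
        self._store = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._store[sid] = user
        return sid

    def logout(self, cookie):
        self._store.pop(cookie, None)  # invalidate on the server side

    def authenticate(self, cookie):
        return self._store.get(cookie)


def replay_after_logout(sessions, user="alice"):
    """Return the user the server accepts for a cookie copied before logout."""
    cookie = sessions.login(user)
    captured = cookie  # copy taken while the session was live
    sessions.logout(cookie)
    return sessions.authenticate(captured)
```

`replay_after_logout` makes a usable regression check: it should return `None` for any session backend that invalidates on logout.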
Group: core-security → client-services-security
Component: Untriaged → Public Pages
Product: Firefox → addons.mozilla.org
Version: 38 Branch → unspecified
The site uses HTTPS. How would a third party intercept the cookies?
Flags: needinfo?(shahmeerbond)
(Reporter)

Comment 2

3 years ago
Yes, I agree there is no way to intercept cookies, but still there is a chance that the cookies can be hijacked, in which case they can be reused to gain access to the session.
Flags: needinfo?(shahmeerbond)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 961775
Keywords: sec-moderate
(Reporter)

Comment 4

2 years ago
Bounty?
Group: client-services-security
(Assignee)

Updated

2 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard