If i can get the cookies of some user, i can get access to his/her profile through firefox

RESOLVED INVALID

Status

()

Firefox
Untriaged
RESOLVED INVALID
3 years ago
3 years ago

People

(Reporter: tarun.aggarwal4, Unassigned)

Tracking

35 Branch
x86_64
Windows 7
Points:
---
Bug Flags:
sec-bounty -

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Build ID: 20150122214805

Steps to reproduce:

If i can get access to user's cookie , I can get access to his/her profile.


Actual results:

I am able to get the access of user's profile


Expected results:

It should not allow me to have access of user's profile
This is expected behavior for sites that use cookies for authentication and will be true in every browser. This is why browser vendors stress that sites should use secure https:// connections and get rid of their insecure versions. There have been well publicized demonstrations where attackers have stolen such cookies over public wifi connections for sites that did not use https://.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Flags: sec-bounty-
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.