Closed
Bug 1152537
Opened 9 years ago
Closed 9 years ago
If i can get the cookies of some user, i can get access to his/her profile through firefox
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: tarun.aggarwal4, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 Build ID: 20150122214805 Steps to reproduce: If i can get access to user's cookie , I can get access to his/her profile. Actual results: I am able to get the access of user's profile Expected results: It should not allow me to have access of user's profile
Comment 1•9 years ago
|
||
This is expected behavior for sites that use cookies for authentication and will be true in every browser. This is why browser vendors stress that sites should use secure https:// connections and get rid of their insecure versions. There have been well publicized demonstrations where attackers have stolen such cookies over public wifi connections for sites that did not use https://.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: sec-bounty-
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•