Closed Bug 1168352 Opened 9 years ago Closed 9 years ago

Session Replay & Session Fixation

Categories

(addons.mozilla.org Graveyard :: Administration, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 961775

People

(Reporter: bhati.contact, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36

Steps to reproduce:

The session maintained in "https://addons.mozilla.org" is not expiring properly, which leads to account takeover. Session cookies for "https://addons.mozilla.org" are not getting expired on the server side once the user has logged out. Due to this misconfiguration an unauthenticated user can access the victim's account "locally".

Steps To Reproduce

1. Login to "https://addons.mozilla.org"
2. Intercept any authenticated request and send that request to Repeater using any proxy; I used Burp Suite.
3. Now log out from "https://addons.mozilla.org"
4. Now go to the Repeater tab and repeat the request in Mozilla or Chrome "Private Browsing", and you will find yourself in the victim's account.

Actual results:

Effect - Now, how this vulnerability can affect users: cookies are normally stored in the browser, and in Mozilla you can install a cookie manager add-on to see stored cookies. Now we can say, why would an attacker use a cookie manager instead of malware or a trojan? Because in today's scenario everyone has anti-virus protection and it will prevent an attacker from installing malware and trojans, but an anti-virus can't stop someone from installing an add-on such as "Cookies Manager".

1. If I repeat an expired session request then I should not get into the authenticated menu.
2. Instead of throwing me out, the application is allowing me to get into the account.
3. The session is not getting expired on the server side, which leads to account hijacking locally.

Expected results:

1. If I repeat the request which is already expired then I should not get into the account, due to security reasons.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Group: client-services-security
Product: addons.mozilla.org → addons.mozilla.org Graveyard
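The defect the reporter describes is that logout only clears the cookie in the browser while the server keeps honouring the session record. The following is an added example, not code from the bug report or from the addons.mozilla.org code base, that models the two behaviours side by side with a small in-memory session store: `SessionStore`, `login`, `logout`, `resolve` and `replay_after_logout` are hypothetical names, and the session IDs are constructed at run time. With `revoke_on_logout=False` the store reproduces the reported outcome (a captured cookie still resolves to the user after logout); with the default `True` the server deletes its record on logout, so the replayed cookie is rejected. The store also enforces a server-side expiry so an idle session cannot be replayed indefinitely.

```python
"""Added example (not from the bug report or the AMO code base): a minimal
server-side session store showing why logout must revoke the session record
on the server rather than only clearing the cookie in the browser.

All class and function names are hypothetical; session IDs are constructed.
"""
import secrets
import time
from typing import Dict, Optional


class SessionStore:
    """In-memory session table keyed by an unguessable session ID.

    revoke_on_logout=False models the behaviour in the report: the server
    keeps its record, so a copied cookie keeps working after logout.
    """

    def __init__(self, revoke_on_logout: bool = True, ttl_seconds: int = 3600):
        self._sessions: Dict[str, dict] = {}
        self._revoke_on_logout = revoke_on_logout
        self._ttl = ttl_seconds

    @staticmethod
    def _clock(now: Optional[float]) -> float:
        # Injectable clock so expiry can be tested deterministically.
        return time.time() if now is None else now

    def login(self, username: str, now: Optional[float] = None) -> str:
        # 256 bits of entropy from the OS CSPRNG; never derived from user data.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": username,
            "expires": self._clock(now) + self._ttl,  # absolute server-side expiry
        }
        return sid  # the value that would go into the Set-Cookie header

    def logout(self, sid: str) -> None:
        # A real response also sends Set-Cookie with Max-Age=0 to clear the
        # browser copy; that alone is what the flawed configuration did.
        if self._revoke_on_logout:
            self._sessions.pop(sid, None)

    def resolve(self, sid: str, now: Optional[float] = None) -> Optional[str]:
        """Return the username for a presented cookie, or None when the
        session is unknown, revoked, or past its server-side expiry."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if self._clock(now) >= rec["expires"]:
            del self._sessions[sid]  # expired: drop it so it cannot be reused
            return None
        return rec["user"]


def replay_after_logout(revoke_on_logout: bool) -> Optional[str]:
    """Model the report's steps: log in, keep a copy of the cookie, log out,
    then present the copied cookie again from a fresh client."""
    store = SessionStore(revoke_on_logout=revoke_on_logout)
    captured = store.login("victim")  # steps 1-2: cookie seen in an authenticated request
    store.logout(captured)            # step 3: user logs out
    return store.resolve(captured)    # step 4: old cookie presented again


if __name__ == "__main__":
    print("client-only logout:", replay_after_logout(False))  # still "victim"
    print("server-side revoke:", replay_after_logout(True))   # None
```

In Django, which addons.mozilla.org is built on, `django.contrib.auth.logout()` achieves the revoke step by calling `request.session.flush()`, which deletes the server-side session record and issues a new session key; a logout view that only expires the cookie, or a custom session backend that ignores deletion, reproduces the reported behaviour. The reporter's own replay test is the right acceptance check for the fix: a request carrying the pre-logout cookie must be treated as unauthenticated.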