Bug 1168352 - Session Replay & Session Fixation
Status: RESOLVED DUPLICATE of bug 961775 (Closed)
Opened 9 years ago; closed 9 years ago
Product / Component: addons.mozilla.org Graveyard :: Administration (defect)
Tracking: Not tracked
Reporter: bhati.contact; Assignee: Unassigned
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Steps to reproduce:
The session maintained by "https://addons.mozilla.org" is not expiring properly, which leads to account takeover.
Session cookies for "https://addons.mozilla.org" are not getting expired on the server side once the user has logged out. Due to this misconfiguration an unauthenticated user can access the victim's account "locally".
=======================
Steps To Reproduce
1. Log in to "https://addons.mozilla.org"
2. Intercept any authenticated request and send that request to Repeater using any proxy; I used Burp Suite.
3. Now log out from "https://addons.mozilla.org"
4. Now go to the Repeater tab and repeat the request in Mozilla or Chrome "Private Browsing", and you will find yourself in the victim's account.
==================================
Actual results:
Effect - how this vulnerability can affect users:
Cookies are normally stored in the browser, and in Mozilla you can install a cookie manager add-on to see stored cookies.
Now we can say: why would an attacker use a cookie manager instead of any malware or trojan? Because in today's scenario everyone has antivirus protection and it will prevent the attacker from installing malware and trojans, but an antivirus can't stop someone from installing an add-on such as "Cookies Manager".
1. If I repeat an expired session request then I should not get into the authenticated menu.
2. Instead of throwing me out, the application is allowing me to get into the account.
3. The session is not getting expired on the server side, which leads to account hijacking locally.
Expected results:
1. If I repeat a request whose session has already expired then I should not get into the account, for security reasons.
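The report's four steps amount to a replay test: log in, capture one authenticated request, log out, then resend the captured request and see whether the server still honours the session cookie. The added example below is not code from the bug or from addons.mozilla.org; it is a constructed toy application (the class names, the `sessionid` cookie name and the credentials are all assumptions) with two logout strategies, so the test can be run against both. The cookie-only variant reproduces the reported behaviour (the replay is served), while the variant that revokes the server-side record rejects it. It also goes slightly beyond the steps in the report to cover the fixation half of the bug title: login never upgrades a session id the client already presented, so a pre-planted id cannot become the authenticated session.

```python
import secrets
import time


class SessionStore:
    """Server-side session table (constructed for this example): id -> record."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}

    def create(self, user, now=None):
        # A fresh, unguessable id for every new session.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "issued": time.time() if now is None else now}
        return sid

    def lookup(self, sid, now=None):
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = time.time() if now is None else now
        if now - rec["issued"] > self.ttl:
            self._sessions.pop(sid, None)  # absolute expiry on the server side
            return None
        return rec["user"]

    def revoke(self, sid):
        self._sessions.pop(sid, None)


CLEAR_COOKIE = "sessionid=; Max-Age=0; Path=/; Secure; HttpOnly"


class AccountApp:
    """Toy web app; server_side_logout selects the logout strategy under test."""

    def __init__(self, store, server_side_logout):
        self.store = store
        self.server_side_logout = server_side_logout
        self.users = {"alice": "correct-horse"}  # constructed credentials

    def login(self, request, user, password):
        if self.users.get(user) != password:
            return 401, {}, "bad credentials"
        # Fixation defence: never promote an id the client presented before login.
        old = request.get("cookies", {}).get("sessionid")
        if old:
            self.store.revoke(old)
        sid = self.store.create(user)
        return 200, {"Set-Cookie": f"sessionid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"}, "ok"

    def logout(self, request):
        sid = request.get("cookies", {}).get("sessionid")
        if self.server_side_logout and sid:
            self.store.revoke(sid)  # the record a replayed request would look up
        # The weak variant only asks the browser to drop the cookie; the
        # server-side record stays valid until its TTL runs out.
        return 200, {"Set-Cookie": CLEAR_COOKIE}, "logged out"

    def account(self, request):
        sid = request.get("cookies", {}).get("sessionid")
        user = self.store.lookup(sid) if sid else None
        if user is None:
            return 401, {}, "login required"
        return 200, {}, f"account page for {user}"


def cookie_from(set_cookie):
    """Extract the sessionid value from a Set-Cookie header (toy parser)."""
    return set_cookie.split(";", 1)[0].split("=", 1)[1]


def replay_after_logout(server_side_logout):
    """Steps 1-4 of the report: log in, capture a request, log out, replay it.
    Returns the status code the replayed request receives."""
    app = AccountApp(SessionStore(), server_side_logout)
    status, headers, _ = app.login({"cookies": {}}, "alice", "correct-horse")
    assert status == 200
    captured = {"cookies": {"sessionid": cookie_from(headers["Set-Cookie"])}}
    assert app.account(captured)[0] == 200  # step 2: the captured request works
    app.logout(captured)                     # step 3: log out
    return app.account(captured)[0]          # step 4: replay from a fresh browser


def login_rotates_session_id():
    """Fixation check: an id presented before login must not become the
    authenticated session. True when the planted id is useless afterwards."""
    app = AccountApp(SessionStore(), True)
    planted = "planted-pre-login-id"  # constructed value
    _, headers, _ = app.login({"cookies": {"sessionid": planted}}, "alice", "correct-horse")
    new_sid = cookie_from(headers["Set-Cookie"])
    return new_sid != planted and app.account({"cookies": {"sessionid": planted}})[0] == 401


if __name__ == "__main__":
    print("cookie-only logout, replay status:", replay_after_logout(False))  # 200
    print("server-side logout, replay status:", replay_after_logout(True))   # 401
    print("login rotates session id:", login_rotates_session_id())          # True
```

The point of keeping the session table on the server is that logout becomes a deletion the server controls, rather than a request to the browser that a copied cookie simply ignores; the same `revoke` call is what a password change or "log out everywhere" feature should drive. In a real deployment the `SessionStore` would be backed by a database or cache with an expiry, and the replay test above is cheap enough to run in CI against the logout endpoint.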
Updated 9 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Updated 9 years ago
Group: client-services-security
Updated 9 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard