Closed
Bug 1268631
Opened 8 years ago
Closed 7 years ago
session Hijacking
Categories
(Webmaker Graveyard :: General, defect)
Webmaker Graveyard
General
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: eldeebxboy, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0 Build ID: 20160407164938 Steps to reproduce: Hello Mozilla team i found session hijacking(takeover) in https://teach.mozilla.org/ steps to reproduce 1.login to your account from tow device 2.change your password from one of them 3.the tow devices still working and your password changing not logout the other session (Password change not terminating other open sessions.) this will lead to Session Takeover vulnerability. when the user change his password the other open session should expire. Thanks Actual results: the actual results is when the user change his password all other opened session still worked Expected results: when the user change his password all other session should ended to protect users accounts from session takeover vulnerability
Updated•7 years ago
|
Component: Security Assurance: Applications → General
Product: mozilla.org → Webmaker
QA Contact: brett
Version: other → unspecified
Comment 1•7 years ago
|
||
Closing this bug as part of the Deprecation of the Webmaker Product on Bugzilla. If this issue needs to re resolved in another manner, re-file it in a new Product or find the associated project on Github (http://github.com/mozilla) and file an issue there. see bug 1347718
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•