Closed Bug 615502 Opened 14 years ago Closed 14 years ago

double back page allows access to previous CBA netbank session

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: service, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12

I've noticed, when using "Commonwealth Bank Netbank" service that if you navigate away from the site, then backpage, the page is still accessible.
I have tried loading three different links and can still back-page & get authority to use the account. 
Bad hole for small business owners.




Reproducible: Always

Steps to Reproduce:
1.Log onto you Commonwealth Bank Australia Account
2.go to an external site, or Even a few
3.Use page back to gain access
Actual Results:  
Allowed access to bank account.


Expected Results:  
I should be asked to log back in
I'm not sure why you expect to be logged out of a website simply by navigating away from it.  I can't think of a single example of where that would be true.  Try using the site's "Log Out" functionality to do so.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.