double back page allows access to previous CBA netbank session

RESOLVED INVALID

Status

()

Firefox
Security
--
major
RESOLVED INVALID
8 years ago
8 years ago

People

(Reporter: Bay TV, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12

I've noticed, when using "Commonwealth Bank Netbank" service that if you navigate away from the site, then backpage, the page is still accessible.
I have tried loading three different links and can still back-page & get authority to use the account. 
Bad hole for small business owners.




Reproducible: Always

Steps to Reproduce:
1.Log onto you Commonwealth Bank Australia Account
2.go to an external site, or Even a few
3.Use page back to gain access
Actual Results:  
Allowed access to bank account.


Expected Results:  
I should be asked to log back in
I'm not sure why you expect to be logged out of a website simply by navigating away from it.  I can't think of a single example of where that would be true.  Try using the site's "Log Out" functionality to do so.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.