Broken Authentication and session management

From Hackipedia
Hackerone #284
Target: Hackerone
Target Module:
Type: Authentication
Payload:
Original: Link
CVE:

HackerOne sessions were vulnerable to a cookie replay attack. Session tokens stored in a user's cookies were not destroyed on the server side after the user logged out.

How To Perform

  1. Login to an application
  2. Create a copy of the cookies used (a browser extension will work best)
    1. https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en
  3. Log out of the application
  4. Wait for a period of time (>1 hr)
  5. Import the cookie
  6. Check if you are authenticated to the web application
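The server-side behaviour these steps test for, as an added example that is not part of the original report or HackerOne's code: a flawed session scheme where logout leaves the token valid, beside a hardened one where logout destroys the server-side record. The class names, `SESSION_TTL`, and the stateless-cookie design of the flawed variant are assumptions chosen for illustration; the page does not say how the affected sessions were implemented.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # constructed signing key for this demo
SESSION_TTL = 3600                # assumed absolute session lifetime (seconds)

class StatelessSessions:
    """Flawed: the cookie validates itself, so logout cannot revoke it."""
    def _sign(self, user):
        return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()

    def login(self, user):
        return f"{user}.{self._sign(user)}"

    def logout(self, cookie):
        pass  # browser is told to drop the cookie; the server forgets nothing

    def authenticate(self, cookie):
        user, _, sig = cookie.rpartition(".")
        ok = hmac.compare_digest(sig.encode(), self._sign(user).encode())
        return user if ok else None

class ServerSideSessions:
    """Hardened: the cookie is a random ID that must exist in a server store."""
    def __init__(self):
        self._store = {}  # session id -> (user, expiry timestamp)

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._store[sid] = (user, time.time() + SESSION_TTL)
        return sid

    def logout(self, cookie):
        self._store.pop(cookie, None)  # destroy the record on the server side

    def authenticate(self, cookie):
        user, expiry = self._store.get(cookie, (None, 0))
        if time.time() >= expiry:
            self._store.pop(cookie, None)  # expired or unknown: reject
            return None
        return user

def replay_after_logout(sessions, user="alice"):
    """Regression check: does a cookie saved before logout still authenticate?"""
    saved = sessions.login(user)
    assert sessions.authenticate(saved) == user  # valid while logged in
    sessions.logout(saved)
    return sessions.authenticate(saved) is not None
```

`replay_after_logout` can be kept as a regression test: it must return `False` for whatever session backend the application uses.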
