Broken Authentication and session management

From Hackipedia
Jump to: navigation, search
Hackerone #284
Target: Hackerone
Target Module:
Type: Authentication
Original: Link
Archive Screenshot

Hackerone sessions were vulnerable to a cookie replay attack. Session tokens stored in a users cookies where not destroyed on the server side after a user would log out.

How To Perform

  1. Login to an application
  2. Create a copy of the cookies used (a browser extension will work best)
  3. Log out of the application
  4. Wait a period of time >1hr
  5. Import the cookie
  6. Check if you are authenticated to the web application

Add your comment
Hackipedia welcomes all comments. If you do not want to be anonymous, register or log in. It is free.