Vulnerability Report 01: Failure to invalidate session on Email Change
Hi team,
I am a security researcher, and this time I found this vulnerability in your website.
Vulnerability Report: Failure to invalidate session on Email Change
Weakness: Insufficient Session Expiration
Description:
I observed that when we change the email from one browser, instead of the
session expiring in the other browser, it just updates the email in the other
browser, and the old session gets updated without being logged out.
Steps to check the session management issue on email change:
1- Log in from two browsers at a time [from the Chrome browser and from Mozilla
Firefox]
2- Change the email in settings from the Chrome browser
3- Now check Mozilla Firefox
4- Your session got updated instead of expiring
Recommendations:
If the session is updated from one browser, the others should expire first, so
that the session is renewed after login.
Please let me know if any more info is needed!
Looking forward to your response.
Thanks & Regards,
Through Star jet Cyber,
Afshan
by "starjet cyber" <starjetcyber22@gmail.com> - 10:19 - 12 Aug 2024
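
One way to implement the recommendation in the report above, as an added example that is not part of the original message or of the affected site's code. The `SessionStore` class, its method names, and the sample addresses are assumptions constructed for illustration.

```python
import secrets


class SessionStore:
    """Hypothetical in-memory session store keyed by opaque random tokens."""

    def __init__(self):
        self._sessions = {}  # token -> user_id
        self._emails = {}    # user_id -> email

    def register(self, user_id, email):
        self._emails[user_id] = email

    def login(self, user_id):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user_id
        return token

    def user_for(self, token):
        """Return the user id for a live session, or None if revoked or unknown."""
        return self._sessions.get(token)

    def change_email(self, token, new_email):
        """Update the email, revoke all of the user's sessions, reissue one."""
        user_id = self.user_for(token)
        if user_id is None:
            raise PermissionError("session is not valid")
        self._emails[user_id] = new_email
        # Revoke every session of this user, including the caller's old token,
        # so a session opened in another browser cannot outlive the change.
        stale = [t for t, uid in self._sessions.items() if uid == user_id]
        for t in stale:
            del self._sessions[t]
        # Only the browser that made the change gets a fresh token.
        return self.login(user_id)


def demo():
    """Replay the report's two-browser scenario with constructed sample data."""
    store = SessionStore()
    store.register(1, "old@example.com")
    chrome = store.login(1)
    firefox = store.login(1)
    chrome_new = store.change_email(chrome, "new@example.com")
    return {
        "firefox_alive": store.user_for(firefox) is not None,
        "old_chrome_alive": store.user_for(chrome) is not None,
        "new_chrome_alive": store.user_for(chrome_new) is not None,
    }
```
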