New Relic: Improper Session Management

2016-05-16T18:33:52
ID H1:139178
Type hackerone
Reporter czd
Modified 2017-02-19T14:36:59

Description

When a user successfully logs in to the account there are 3 new links which he/she can visit, but when a user logs out from one link, e.g. HTTP://insights.newrelic.com/accounts/11*

a "user successfully logged out" message will appear and the user is logged out. Here the user will be logged out from 2 links, e.g. HTTP://insights.newrelic.com/accounts/1332783 and HTTP://synthetics.newrelic.com/accounts/1332783/synthetics

But users are wide open to attack on 1 link because of improper session management, e.g. HTTP://rpm.newrelic.com/accounts/1332783/servers

An attacker can do anything on the above account.

Steps to reproduce:
(1) Log in to the account; it will open to "rpm".
(2) Open a link in a new window; the user will move to "insights".
(3) Open the 3rd link, "synthetics", in a new tab.
(4) Log out from insights.
(5) Visit the synthetics page; the user will automatically be logged out.
(6) Visit the rpm link; an attacker can change anything on the account.
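A model of the single sign-out behaviour this report describes, added here as an illustration and not New Relic's code. The three app names, the "logout hook" that only covers two apps, and the shared session registry are assumptions; it replays the steps above and shows which apps still accept the user under a partial logout versus a central revocation.

```python
"""Cross-application single sign-out, modelled for this report (added example)."""
import secrets

# Hypothetical apps sharing one login; the names follow the report.
APPS = ("rpm", "insights", "synthetics")


class SessionRegistry:
    """Central store: one shared session id per login, referenced by every app."""

    def __init__(self):
        self.active = {}        # session_id -> account_id
        self.app_cookie = {}    # (app, cookie) -> session_id

    def login(self, account_id):
        sid = secrets.token_hex(16)
        self.active[sid] = account_id
        # Each app sets its own cookie that points at the shared session.
        return {app: self._issue(app, sid) for app in APPS}

    def _issue(self, app, sid):
        cookie = secrets.token_hex(16)
        self.app_cookie[(app, cookie)] = sid
        return cookie

    def is_authenticated(self, app, cookie):
        sid = self.app_cookie.get((app, cookie))
        return sid is not None and sid in self.active

    def logout_broken(self, app, cookie, hooked=("insights", "synthetics")):
        """Assumed defect: only apps wired into the logout hook drop their cookies,
        so the shared session stays active for any app outside the hook."""
        sid = self.app_cookie.get((app, cookie))
        for (a, c), s in list(self.app_cookie.items()):
            if s == sid and a in hooked:
                del self.app_cookie[(a, c)]

    def logout_fixed(self, app, cookie):
        """Revoke the shared session itself; every app's check then fails."""
        sid = self.app_cookie.pop((app, cookie), None)
        self.active.pop(sid, None)


def still_logged_in(logout_style):
    """Replay the report's steps (login, logout from insights) and return the
    apps that still accept the user's cookie afterwards."""
    reg = SessionRegistry()
    cookies = reg.login(account_id=1332783)  # account id quoted in the report
    getattr(reg, logout_style)("insights", cookies["insights"])
    return [app for app in APPS if reg.is_authenticated(app, cookies[app])]
```

`still_logged_in("logout_broken")` reproduces the reported state (only rpm remains authenticated), while `still_logged_in("logout_fixed")` leaves no app accepting the old cookies.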