Visma Public: Session replay vulnerability in domain

ID H1:808731
Type hackerone
Reporter hungry_boy
Modified 2020-06-26T11:11:14


The researcher found that sessions don't expire when users logs out of their account. This means that if the session cookie and it's value is known, an attacker can impersonate the owner of the account