Visma Public: Session replay vulnerability in app.workbox.dk domain

2020-03-02T14:00:02
ID H1:808731
Type hackerone
Reporter hungry_boy
Modified 2020-06-26T11:11:14

Description

The researcher found that sessions don't expire when users log out of their account. This means that if the session cookie and its value are known, an attacker can impersonate the owner of the account.