Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrShubh123-tri6951260F-E1C9-4296-8E9E-30636CD5AD88
HistoryFeb 03, 2022 - 7:20 a.m.

in cortezaproject/corteza-server

2022-02-0307:20:57
shubh123-tri
www.huntr.dev
6
insecure session
unauthorized changes
account hacking
bug bounty
JSON

Description

During testing it was found that if a user revoke his all active session, then also user is able to make changes to his account.

Proof of Concept

  1. Log in to the application
  2. Go to profile>login sessions and revoke all sessions.
  3. You will see that all other sessions are still valid and the user is able to revoke other user sessions by going to Users>edit>revoke sessions.

Impact

If a victim account is hacked and he wants to revoke all his sessions, but since the configuration provided is not proper, he won’t be able to revoke all active user sessions as attacker is still able to make changes to hacked account.

JSON