Description
Due to improper cache control, an attacker can view sensitive information even when not logged in to the account.
Proof of Concept
- Go to https://rdiffweb-demo.ikus-soft.com/login/ and log in to your account using the given credentials
- Go to https://rdiffweb-demo.ikus-soft.com/admin/logs; this endpoint shows the entire log
- Click on Logout
- Now press the back button of your browser
- You will notice that you are still able to view the sensitive data/log files
Mitigation
Cache-Control: private, no-cache, no-store, max-age=0
Pragma: no-cache
Expires: 0
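As an added example (not rdiffweb's own code), the following WSGI middleware stamps the three headers above onto every response and a small parser checks, the way a browser would, whether a response may still be stored; the `logs_app` handler and its log line are constructed stand-ins for the /admin/logs endpoint.

```python
from typing import Callable, List, Tuple

Headers = List[Tuple[str, str]]

# The exact header set from the mitigation section above.
NO_STORE_HEADERS: Headers = [
    ("Cache-Control", "private, no-cache, no-store, max-age=0"),
    ("Pragma", "no-cache"),
    ("Expires", "0"),
]


def cache_control_directives(headers: Headers) -> dict:
    """Parse every Cache-Control header into {directive: value or None}, case-insensitively."""
    directives = {}
    for name, value in headers:
        if name.lower() != "cache-control":
            continue
        for part in value.split(","):
            key, _, val = part.strip().lower().partition("=")
            if key:
                directives[key.strip()] = val.strip().strip('"') or None
    return directives


def may_be_stored(headers: Headers) -> bool:
    """True if a browser may keep the response; without no-store it can be replayed on Back."""
    return "no-store" not in cache_control_directives(headers)


def no_store_middleware(app: Callable) -> Callable:
    """Wrap a WSGI app so each response carries NO_STORE_HEADERS, replacing any inner values."""
    managed = {name.lower() for name, _ in NO_STORE_HEADERS}

    def wrapper(environ, start_response):
        def patched_start_response(status, headers: Headers, exc_info=None):
            kept = [(n, v) for n, v in headers if n.lower() not in managed]
            return start_response(status, kept + NO_STORE_HEADERS, exc_info)
        return app(environ, patched_start_response)
    return wrapper


def run_request(app: Callable, path: str) -> Tuple[str, Headers, bytes]:
    """Minimal offline WSGI driver: returns (status, headers, body) for one GET."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, list(headers)
    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured["status"], captured["headers"], body


def logs_app(environ, start_response):
    """Constructed stand-in for the vulnerable /admin/logs handler: sets no caching headers."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"2023-01-01 admin login from 10.0.0.5\n"]  # constructed log line
```

Running `run_request(logs_app, "/admin/logs")` yields a storable response, while the same request through `no_store_middleware(logs_app)` does not.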