In the Renren client, clicking to open the personal home page lets the user synchronize their login to the browser on the PC.
The login process is roughly as follows. The parameters have been removed; anyone interested can capture the traffic to see them:
4. Enter the personal home page
The vulnerability is in the second step: the transfer link in this step carries the parameters used to authenticate the user's login.
Testing found that:
(1) Using the captured link directly logs you in as the Renren identity that the transfer corresponds to;
(2) more seriously, this link does not expire and stays valid indefinitely;
(3) even if the user that the transfer corresponds to changes their password, this link can still be used to log in to that user's accounts; and
(4) the Renren client performs this sync login over HTTP.
In short, as long as the attacker convinces a user to perform a sync login and then obtains the vulnerable link by sniffing, all of that user's accounts will be permanently under the attacker's control.
Capture the traffic yourself and try it to see.
The user authentication process needs to be thought through fully: it must not check only the userid or anything that can simply be guessed, it must not lack an expiration date, and preferably it should be usable only once.
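One way to meet these requirements, as an added example that is not Renren's code: a server-side store of sync-login tokens that are random, short-lived, usable once, and invalidated by a password change. The class name, the 60-second lifetime and the in-memory dictionaries are assumptions for illustration; the link carrying the token must also travel over HTTPS, which this code cannot enforce.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 60  # seconds a sync-login link stays valid (assumed value)


class SyncLoginTokens:
    """Hypothetical server-side store for one-time sync-login tokens."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}       # sha256(token) -> (userid, cred_version, expires_at)
        self._cred_version = {}  # userid -> counter bumped on every password change

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, userid):
        """Create the token that goes into the transfer link for this user."""
        token = secrets.token_urlsafe(32)  # 256 random bits, not derived from userid
        version = self._cred_version.get(userid, 0)
        self._pending[self._digest(token)] = (
            userid, version, self._clock() + TOKEN_TTL)
        return token

    def password_changed(self, userid):
        """Call from the password-change handler; outstanding links become invalid."""
        self._cred_version[userid] = self._cred_version.get(userid, 0) + 1

    def redeem(self, token):
        """Return the userid to log in, or None if the token must be rejected."""
        # pop() removes the entry on first use, so a sniffed link cannot be replayed.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown, guessed, or already used
        userid, version, expires_at = entry
        if self._clock() > expires_at:
            return None  # expired
        if version != self._cred_version.get(userid, 0):
            return None  # password changed after the link was issued
        return userid
```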