View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0007044Kali LinuxKali Package Bugpublic2021-02-09 09:552021-06-30 08:49
Reportervgsgs Assigned Torhertzog  
PrioritynormalSeveritycrashReproducibilityalways
Status resolvedResolutionfixed 
Product Versionkali-dev 
Summary0007044: SESSION HIJACKING.
Description

VULNERABILITY NAME: SESSION HIJACKING.

VULNERABILITY URL: https://bugs.kali.org/

DESCRIPTION:
In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.

Steps To Reproduce

STEPS TO REPRODUCED:
1) Log in to your account
2) Copy your cookies
3) Logout
4) Clear browser cookies
5) Paste the cookies (copied in step 2)
6) Refresh the page
7) Now you will be logged into the account

Additional Information

The Patch:
Cookies should expire after the logout and previous cookies should not be used for logging into the account, they should expire!

IMPACT:

The malicious attacker can enter the server and access its information without having to hack a registered account. In addition, he can also make modifications on the server to help him hack it in the future or to simplify a data-stealing operation.

Attached Files
bandicam 2021-02-09 14-59-05-295.mp4 (1,273,295 bytes)   
bandicam 2021-02-09 14-59-05-295.mp4 (1,273,295 bytes)   

Activities

vgsgs

vgsgs

2021-02-11 06:12

reporter   ~0014214

Hello Team,
Any update?
rhertzog

rhertzog

2021-02-11 08:36

administrator   ~0014215

"session hijacking" assumes that you have a way to intercept the cookie, and you have not shown any way to intercept said cookie over https.

That said I reckon that it would be better if the session cookie was invalidated on logout. But this is a mantis instance so you should file that bug report against mantis, we are not the mantis developers:
https://mantisbt.org/bugs/
vgsgs

vgsgs

2021-02-12 10:58

reporter   ~0014218

Hello Team,

But this is valid impactful issue after logout then also we directly entered in account without help of login username and password it means this is valid impactful issue.
Please check video and replay back.

Regards,
Vaibhav
kali-bugreport

kali-bugreport

2021-02-14 12:21

reporter   ~0014220

IMHO the Kali team has already replied back above. Just report an issue to the Mantis team if you see any required action for this issue.
kali-bugreport

kali-bugreport

2021-03-09 21:11

reporter   ~0014302

https://mantisbt.org/bugs/view.php?id=11296

https://mantisbt.org/bugs/view.php?id=27976
rhertzog

rhertzog

2021-03-09 21:26

administrator   ~0014303

Nice to see that this is going to be fixed upstream!

@kali-bugreport was that you that submitted this upstream or @vgsgs ?
kali-bugreport

kali-bugreport

2021-03-10 20:31

reporter   ~0014309

@rhertzog No, not me. I guess it was @vgsgs or any other reader of this issue here.
kali-bugreport

kali-bugreport

2021-03-13 12:22

reporter   ~0014344

Looks like this is CVE-2009-20001:

https://nvd.nist.gov/vuln/detail/CVE-2009-20001
vgsgs

vgsgs

2021-03-13 12:36

reporter   ~0014347

Hello Team,

Any reward for this valid issue?
vgsgs

vgsgs

2021-03-15 10:29

reporter   ~0014352

Hello Team,

Any reward for this valid issue?

Regards,
Vaibhav
vgsgs

vgsgs

2021-03-17 07:02

reporter   ~0014365

Hello @rhertzog and @kali-bugreport
Can i eligible for reward for this vulnerability issue?

Please reply back regarding my reward.
g0tmi1k

g0tmi1k

2021-03-23 06:37

administrator   ~0014387

Bug bounty information can be found here ~ https://www.kali.org/contact/
vgsgs

vgsgs

2021-04-02 08:29

reporter   ~0014426

Sir,
I check your bug bounty program is there so now your team resolved this issue then how to I process regarding reward?
Can I eligible for a reward for this vulnerability issue?

Please reply back regarding my reward.
rhertzog

rhertzog

2021-04-02 08:38

administrator   ~0014427

@vgsgs The Kali team is not in charge of the bug bounty program, please stop requesting this on this ticket. The bug bounty program is described here: https://www.offensive-security.com/bug-bounty-program/

Follow the process there, thank you.
rhertzog

rhertzog

2021-04-02 08:38

administrator   ~0014428

Will be fixed on bugs.kali.org the next time that we upgrade our mantis setup.

Issue History

Date Modified Username Field Change
2021-02-09 09:55 vgsgs New Issue
2021-02-09 09:55 vgsgs File Added: bandicam 2021-02-09 14-59-05-295.mp4
2021-02-11 06:12 vgsgs Note Added: 0014214
2021-02-11 08:36 rhertzog Note Added: 0014215
2021-02-12 10:58 vgsgs Note Added: 0014218
2021-02-14 12:21 kali-bugreport Note Added: 0014220
2021-03-09 21:11 kali-bugreport Note Added: 0014302
2021-03-09 21:26 rhertzog Note Added: 0014303
2021-03-10 20:31 kali-bugreport Note Added: 0014309
2021-03-13 06:31 Ehtisham Issue cloned: 0007094
2021-03-13 06:31 Ehtisham Issue cloned: 0007096
2021-03-13 12:22 kali-bugreport Note Added: 0014344
2021-03-13 12:36 vgsgs Note Added: 0014347
2021-03-15 10:29 vgsgs Note Added: 0014352
2021-03-15 10:40 awesome.juanr155 Issue cloned: 0007099
2021-03-17 07:02 vgsgs Note Added: 0014365
2021-03-23 06:37 g0tmi1k Note Added: 0014387
2021-03-30 03:09 Erika carpenter Issue cloned: 0007124
2021-04-02 08:29 vgsgs Note Added: 0014426
2021-04-02 08:38 rhertzog Note Added: 0014427
2021-04-02 08:38 rhertzog Assigned To => rhertzog
2021-04-02 08:38 rhertzog Status new => resolved
2021-04-02 08:38 rhertzog Resolution open => fixed
2021-04-02 08:38 rhertzog Note Added: 0014428
2021-06-30 08:49 g0tmi1k Priority immediate => normal