View Issue Details

ID: 0007099
Project: Kali Linux
Category: [All Projects] Feature Requests
View Status: public
Last Update: 2021-06-30 08:49
Reporter: awesome.juanr155
Assigned To:
Priority: low
Severity: tweak
Reproducibility: always
Status: new
Resolution: open
Product Version: 2021.1
Target Version:
Fixed in Version:
Summary: 0007099: SESSION HIJACKING.

Description
VULNERABILITY NAME: SESSION HIJACKING.

VULNERABILITY URL: https://bugs.kali.org/

DESCRIPTION:
In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.


Steps To Reproduce
STEPS TO REPRODUCE:
1) Log in to your account
2) Copy your cookies
3) Logout
4) Clear browser cookies
5) Paste the cookies (copied in step 2)
6) Refresh the page
7) Now you will be logged into the account
Additional Information
The Patch:
Cookies should expire after the logout and previous cookies should not be used for logging into the account, they should expire!

IMPACT:

The malicious attacker can enter the server and access its information without having to hack a registered account. In addition, he can also make modifications on the server to help him hack it in the future or to simplify a data-stealing operation.
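
The behaviour the report asks for is server-side invalidation: logout has to delete the session record, not only the browser's copy of the cookie. The following is an added example, not part of the report and not the tracker's own code; the class names, the in-memory store and the user name are assumptions made for illustration.

```python
import secrets
import time


class SessionStore:
    """Server-side session table; the cookie carries only an opaque id."""

    def __init__(self, idle_timeout=1800):
        self._sessions = {}  # session id -> (user, last_seen)
        self.idle_timeout = idle_timeout

    def login(self, user, now=None):
        sid = secrets.token_urlsafe(32)  # unguessable, new on every login
        self._sessions[sid] = (user, time.time() if now is None else now)
        return sid

    def authenticate(self, sid, now=None):
        """Return the user for a presented cookie value, or None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None  # unknown or revoked id
        user, last_seen = entry
        if now - last_seen > self.idle_timeout:
            del self._sessions[sid]  # idle sessions expire server-side too
            return None
        self._sessions[sid] = (user, now)
        return user

    def logout(self, sid):
        self._sessions.pop(sid, None)  # revoke: the id is dead from now on


class ClientOnlyLogoutStore(SessionStore):
    """Weak variant: logout only asks the browser to drop its cookie."""

    def logout(self, sid):
        pass  # the server-side record survives, so a saved copy still works


def replay_after_logout(store, user="alice"):
    """Walk the report's steps; return what the saved cookie resolves to."""
    sid = store.login(user)       # step 1: log in
    saved_cookie = sid            # step 2: copy the cookie
    store.logout(sid)             # steps 3-4: log out, clear browser cookies
    return store.authenticate(saved_cookie)  # steps 5-7: paste and refresh


if __name__ == "__main__":
    print("client-only logout:", replay_after_logout(ClientOnlyLogoutStore()))
    print("server-side revoke:", replay_after_logout(SessionStore()))
```

The same replay makes a regression test for any application: after logout, a request carrying the old session id must be treated as unauthenticated.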

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-03-15 10:40 awesome.juanr155 New Issue
2021-03-15 10:40 awesome.juanr155 Issue generated from: 0007044
2021-06-30 08:49 g0tmi1k Priority none => low