View Issue Details

ID: 0007124
Project: Kali Linux
Category: [All Projects] Kali Package Bug
View Status: public
Last Update: 2021-03-30 03:09
Reporter: Erika carpenter
Assigned To:
Priority: immediate
Severity: crash
Reproducibility: always
Status: new
Resolution: open
Product Version: kali-dev
Target Version:
Fixed in Version:
Summary: 0007124: SESSION HIJACKING.

Description
VULNERABILITY NAME: SESSION HIJACKING.

VULNERABILITY URL: https://bugs.kali.org/

DESCRIPTION:
In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.


Steps To Reproduce
STEPS TO REPRODUCE:
1) Log in to your account
2) Copy your cookies
3) Logout
4) Clear browser cookies
5) Paste the cookies (copied in step 2)
6) Refresh the page
7) Now you will be logged into the account
Additional Information
The Patch:
Cookies should expire after the logout and previous cookies should not be used for logging into the account, they should expire!

IMPACT:

The malicious attacker can enter the server and access its information without having to hack a registered account. In addition, he can also make modifications on the server to help him hack it in the future or to simplify a data-stealing operation.
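
The replay in the steps above, modelled as an added example that is not part of the original report and is not Mantis code: a server that only tells the browser to drop its cookie on logout still accepts the copied cookie, while one that deletes the server-side session record rejects it. `SessionStore`, `revoke_on_logout` and `replay_after_logout` are hypothetical names, and the user `alice` is constructed sample data.

```python
import secrets
import time


class SessionStore:
    """Hypothetical server-side session table: token -> (username, expiry)."""

    def __init__(self, revoke_on_logout, ttl_seconds=1800):
        self.revoke_on_logout = revoke_on_logout
        self.ttl_seconds = ttl_seconds
        self._sessions = {}

    def login(self, username):
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = (username, time.monotonic() + self.ttl_seconds)
        return token  # value the browser stores as its session cookie

    def logout(self, token):
        # Weak variant: only the browser is told to drop its cookie, so the
        # server-side record stays valid. Hardened variant: delete the record.
        if self.revoke_on_logout:
            self._sessions.pop(token, None)

    def authenticate(self, token):
        record = self._sessions.get(token)
        if record is None:
            return None  # unknown or revoked token
        username, expires_at = record
        if time.monotonic() >= expires_at:
            del self._sessions[token]  # timeout bounds the life of a copied cookie
            return None
        return username


def replay_after_logout(store):
    """Run the report's steps 1-7; return the user the replayed cookie maps to."""
    cookie = store.login("alice")      # steps 1-2: log in, copy the cookie
    store.logout(cookie)               # steps 3-4: log out, browser cookie cleared
    return store.authenticate(cookie)  # steps 5-7: paste the cookie, refresh


if __name__ == "__main__":
    print("weak logout:", replay_after_logout(SessionStore(revoke_on_logout=False)))
    print("revoking logout:", replay_after_logout(SessionStore(revoke_on_logout=True)))
```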

Activities

vgsgs

2021-02-09 09:55

reporter  

bandicam 2021-02-09 14-59-05-295.mp4 (1,273,295 bytes)

vgsgs

2021-02-11 06:12

reporter   ~0014407

Hello Team,
Any update?

rhertzog

2021-02-11 08:36

administrator   ~0014408

"session hijacking" assumes that you have a way to intercept the cookie, and you have not shown any way to intercept said cookie over https.

That said, I reckon that it would be better if the session cookie was invalidated on logout. But this is a Mantis instance, so you should file that bug report against Mantis; we are not the Mantis developers:
https://mantisbt.org/bugs/

vgsgs

2021-02-12 10:58

reporter   ~0014409

Hello Team,

But this is a valid, impactful issue: even after logout, we entered the account directly without the login username and password, which means this is a valid, impactful issue.
Please check the video and reply back.

Regards,
Vaibhav

kali-bugreport

2021-02-14 12:21

reporter   ~0014410

IMHO the Kali team has already replied back above. Just report an issue to the Mantis team if you see any required action for this issue.

kali-bugreport

2021-03-09 21:11

reporter   ~0014411

https://mantisbt.org/bugs/view.php?id=11296

https://mantisbt.org/bugs/view.php?id=27976

rhertzog

2021-03-09 21:26

administrator   ~0014412

Nice to see that this is going to be fixed upstream!

@kali-bugreport was that you that submitted this upstream, or @vgsgs?

kali-bugreport

2021-03-10 20:31

reporter   ~0014413

@rhertzog No, not me. I guess it was @vgsgs or any other reader of this issue here.

kali-bugreport

2021-03-13 12:22

reporter   ~0014418

Looks like this is CVE-2009-20001:

https://nvd.nist.gov/vuln/detail/CVE-2009-20001

vgsgs

2021-03-13 12:36

reporter   ~0014419

Hello Team,

Any reward for this valid issue?

vgsgs

2021-03-15 10:29

reporter   ~0014420

Hello Team,

Any reward for this valid issue?

Regards,
Vaibhav

vgsgs

2021-03-17 07:02

reporter   ~0014422

Hello @rhertzog and @kali-bugreport
Am I eligible for a reward for this vulnerability issue?

Please reply back regarding my reward.

g0tmi1k

2021-03-23 06:37

administrator   ~0014414

Bug bounty information can be found here ~ https://www.kali.org/contact/

Issue History

Date Modified Username Field Change
2021-03-30 03:09 Erika carpenter New Issue
2021-03-30 03:09 Erika carpenter Issue generated from: 0007044