Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Identity authentication vulnerability in Latest Release #30

Closed
HatBoy opened this issue Mar 14, 2019 · 3 comments
Closed

Identity authentication vulnerability in Latest Release #30

HatBoy opened this issue Mar 14, 2019 · 3 comments

Comments

@HatBoy
Copy link

HatBoy commented Mar 14, 2019

Hi, I would like to report Cross Site Scripting vulnerability in latest release.

Description:
Identity authentication vulnerability in the logout, When you log out, the authentication token is still valid.

Steps To Reproduce:
1.Login the background
2.Do something, like list users
3.Logout
4.Replay packet, can see the user list.
4
author by jin.dong@dbappsecurity.com.cn

@7insummer
Copy link

This should be a bug. Thank you very much. Let's check it out。

@OS-WS
Copy link

OS-WS commented Aug 17, 2021

Hi @7insummer @HatBoy ,
Was this issue fixed?
if so, in what commit and what tag/version?
thanks!

@sunlin92
Copy link
Member

sunlin92 commented Dec 9, 2021

This shouldn't be a bug and there is no plan to fix it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants