
There is a logout logic vulnerability in the background #7

Closed
kpa1on commented Feb 20, 2022

Version: v0.2.0
First, log in to the admin backend normally and send query requests. Pay attention to the cookies.

Then click the logout button. At this point the back-end code does not delete the user's session; it just redirects to the login page. You can see that the requested data can still be obtained normally with the previous cookie. An attacker can therefore log in to the system again with the help of the browser cache after the user has logged out.

Repair suggestion: when logging out, delete the user's session first, and then redirect to the login page.

@javahuang (Owner)

@l2sec thanks, fixed in b637fed.

The backend uses JWT. Currently I don't want to use additional storage such as a blacklist mechanism, so for now the server just deletes the token cookie.
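The three states discussed in this thread, as an added example that is not code from this project: a logout that only redirects (the v0.2.0 behaviour the reporter describes), a logout that expires the cookie server-side (the fix the owner describes), and the same fix with an in-memory denylist (the option the owner chose not to use). It is self-contained Go using only the standard library; the HMAC key, the cookie name `token`, the minimal two-part signed token standing in for a real JWT, and the `/query` and `/logout` handlers are all assumptions made for the demonstration. The point it makes concrete is the caveat behind the owner's choice: `Set-Cookie` with `Max-Age=0` only tells the browser to drop the cookie, so a token an attacker has already copied keeps verifying until its `exp`, and only a revocation list (or a short expiry) closes that window.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
	"time"
)

// Constructed demo key; a real deployment loads this from configuration.
var hmacKey = []byte("demo-only-hmac-key-do-not-use")

const cookieName = "token" // assumed cookie name

type claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

// signToken builds a minimal "<b64 claims>.<b64 hmac-sha256>" token standing in for a JWT.
func signToken(c claims, key []byte) string {
	body, _ := json.Marshal(c)
	payload := base64.RawURLEncoding.EncodeToString(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(payload))
	return payload + "." + base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// verifyToken checks the signature in constant time and rejects expired tokens.
func verifyToken(tok string, key []byte, now time.Time) (claims, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 2 {
		return claims{}, errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return claims{}, errors.New("bad signature")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return claims{}, err
	}
	var c claims
	if err := json.Unmarshal(raw, &c); err != nil {
		return claims{}, err
	}
	if now.Unix() >= c.Exp {
		return claims{}, errors.New("expired")
	}
	return c, nil
}

type server struct {
	mu       sync.Mutex
	denylist bool                 // whether logout records the token for rejection
	revoked  map[string]time.Time // revoked token -> its own expiry (prune after that)
}

func (s *server) authenticate(r *http.Request) (claims, bool) {
	ck, err := r.Cookie(cookieName)
	if err != nil {
		return claims{}, false
	}
	c, err := verifyToken(ck.Value, hmacKey, time.Now())
	if err != nil {
		return claims{}, false
	}
	if s.denylist {
		s.mu.Lock()
		_, bad := s.revoked[ck.Value]
		s.mu.Unlock()
		if bad {
			return claims{}, false
		}
	}
	return c, true
}

func (s *server) handleQuery(w http.ResponseWriter, r *http.Request) {
	c, ok := s.authenticate(r)
	if !ok {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	fmt.Fprintf(w, "hello %s", c.Sub)
}

// logoutVulnerable mirrors the reported behaviour: redirect only, cookie and token untouched.
func (s *server) logoutVulnerable(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, "/login", http.StatusFound)
}

// logoutFixed expires the cookie before redirecting; with the denylist enabled it also
// records the presented token until that token's own expiry so a replay is rejected.
func (s *server) logoutFixed(w http.ResponseWriter, r *http.Request) {
	if ck, err := r.Cookie(cookieName); err == nil && s.denylist {
		if c, err := verifyToken(ck.Value, hmacKey, time.Now()); err == nil {
			s.mu.Lock()
			s.revoked[ck.Value] = time.Unix(c.Exp, 0)
			s.mu.Unlock()
		}
	}
	http.SetCookie(w, &http.Cookie{Name: cookieName, Value: "", Path: "/", MaxAge: -1, HttpOnly: true})
	http.Redirect(w, r, "/login", http.StatusFound)
}

// queryStatus replays tok against /query and returns the HTTP status code.
func (s *server) queryStatus(tok string) int {
	req := httptest.NewRequest("GET", "/query", nil)
	req.AddCookie(&http.Cookie{Name: cookieName, Value: tok})
	rec := httptest.NewRecorder()
	s.handleQuery(rec, req)
	return rec.Code
}

// logoutClearsCookie reports whether the logout response tells the browser to drop the cookie.
func logoutClearsCookie(h http.HandlerFunc, tok string) bool {
	req := httptest.NewRequest("GET", "/logout", nil)
	req.AddCookie(&http.Cookie{Name: cookieName, Value: tok})
	rec := httptest.NewRecorder()
	h(rec, req)
	for _, c := range rec.Result().Cookies() {
		if c.Name == cookieName && c.MaxAge < 0 { // Max-Age=0 parses back as -1
			return true
		}
	}
	return false
}

type outcome struct {
	LogoutClears      bool // browser told to drop the cookie
	ReplayAfterLogout int  // status a copied token gets after logout
}

// run logs in, logs out with the chosen handler, then replays the original token.
func run(denylist, fixed bool) outcome {
	s := &server{denylist: denylist, revoked: map[string]time.Time{}}
	tok := signToken(claims{Sub: "admin", Exp: time.Now().Add(time.Hour).Unix()}, hmacKey)
	logout := s.logoutVulnerable
	if fixed {
		logout = s.logoutFixed
	}
	clears := logoutClearsCookie(logout, tok)
	return outcome{LogoutClears: clears, ReplayAfterLogout: s.queryStatus(tok)}
}

func main() {
	fmt.Printf("redirect only:        %+v\n", run(false, false))
	fmt.Printf("cookie cleared:       %+v\n", run(false, true))
	fmt.Printf("cleared + denylist:   %+v\n", run(true, true))
}
```

Running it shows the first two cases both answer a replayed token with 200, and only the denylist case answers 401. If the denylist is ruled out, the remaining lever is a short `exp` on the token, since that bounds how long a copied cookie stays usable after logout.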
