Vulnerability in https://demo.mailpile.is/C/auth/login/ #2298
Comments
|
Hi Mailpile team, Can you please share an update on this ? |
|
Can someone please share any progress on this ? |
|
Thank you for reporting this. However, I do not believe this is a real vulnerability. If you are in a position to intercept the cookie or inject the Javascript necessary to exploit this, you may as well just steal the user's passphrase. Please feel free to correct me if you actually have a working exploit. Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have identified a session fixation vulnerability, below is the steps to reproduce:
Step 1: Browse the application https://demo.mailpile.is/C/auth/login/ in any browser and intercept the request over proxy.
Step 2: Now observe the cookie "Cookie: 8MQqWfxkHjuN=YP9UgMJ7cCpfkxdL3fZkoEKBIIUFPjMq"
Step 3: Now login into the application and again intercept the request of an authenticated page.
Step 4: Now again observe the cookie "Cookie: 8MQqWfxkHjuN=YP9UgMJ7cCpfkxdL3fZkoEKBIIUFPjMq"
Step 5: The session cookie is same prior and post authentication which makes the application vulnerable to session fixation.
Reference Link:
https://owasp.org/www-community/attacks/Session_fixation
Mitigation/Patch
If you assign a new session when someone logs in, this flaw should be fixed.
The text was updated successfully, but these errors were encountered: