You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
You need two browsers for exploitation
1)Go to users settings in both the browsers
2)update your password in one browser and click on save
3)Now move to other browser and try to add some information like name and all.
i.e it is not asking for reauthentication after password change..
The other browser doesnt log you out because of password change..Thus an attacker can edit any information...
If an attacker had already logged in once..No matter how many times the victim changes his password,
the attacker would be able to access the victim's account.
Refer to owasp for session management
The text was updated successfully, but these errors were encountered:
Session Management Issue in Users tab
link: http://localhost/monstra/users/1/edit
You need two browsers for exploitation
1)Go to users settings in both the browsers
2)update your password in one browser and click on save
3)Now move to other browser and try to add some information like name and all.
i.e it is not asking for reauthentication after password change..
The other browser doesnt log you out because of password change..Thus an attacker can edit any information...
If an attacker had already logged in once..No matter how many times the victim changes his password,
the attacker would be able to access the victim's account.
Refer to owasp for session management
The text was updated successfully, but these errors were encountered: