Failure to Invalidate session - on logout - Client side Server side - Without Burp

The document describes a vulnerability in an application where user sessions are not invalidated upon logout, allowing for potential session hijacking. An attacker could exploit this by changing a user's password and locking them out. The impact includes reputational damage and financial loss due to perceived insecurity by customers.

Uploaded by

piyushcyber9

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

13 views

Failure to Invalidate session - on logout - Client side Server side - Without Burp

Uploaded by

piyushcyber9

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 1

Vulnerability - Broken authentication and session management-failure to invalidate

session on logout (client-side/server-side)

-----------------------------------------------------------------------------------
-----------------------------------------------------------

Description - This application fails to invalidate a user’s session on logout,

leaving the account vulnerable to session hijacking. An attacker may compromise a
user’s session then be able to change the password of the account and lock out the
legitimate user.
-----------------------------------------------------------------------------------
-----------------------------------------------------------

Steps -
1 - Go to the URL - https://www.target.com
2 - Open the same account on two different tabs on the same browser - Broswer A
3 - Click on the Logout from one tab - TAB A
4 - Once the session is terminated, go to the second tab (TAB B) and update some
data and save it
5 - Post changing the data, click on the refresh button.
6 - Once refreshed, your second tab session is also terminated.
7 - Login again to the same account and the data has been changed
-----------------------------------------------------------------------------------
-----------------------------------------------------------

Impact - This vulnerability can lead to reputational damage and indirect financial
loss to the company as customers may view the application as insecure.
-----------------------------------------------------------------------------------
-----------------------------------------------------------

Zero Web App Vulnerability
No ratings yet
Zero Web App Vulnerability
11 pages
API Pentesting Mindmap ATTACK
No ratings yet
API Pentesting Mindmap ATTACK
1 page
Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3
From Everand
Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3
Ramon Nastase
4.5/5 (2)
Failure to Invalidate session - on logout - Client side Server side
No ratings yet
Failure to Invalidate session - on logout - Client side Server side
1 page
Broken Auth Session Management
No ratings yet
Broken Auth Session Management
1 page
Group01_OWASP
No ratings yet
Group01_OWASP
3 pages
Weak Registration Implementation
No ratings yet
Weak Registration Implementation
1 page
Bug Bounty Essential Guidelines PDF
No ratings yet
Bug Bounty Essential Guidelines PDF
27 pages
Vulnerabilities Notes
No ratings yet
Vulnerabilities Notes
68 pages
Document2-1
No ratings yet
Document2-1
27 pages
Microsoft SC-300: Identity and Access Administrator - Study Notes
From Everand
Microsoft SC-300: Identity and Access Administrator - Study Notes
Steve Brown
No ratings yet
Improper cache control
No ratings yet
Improper cache control
1 page
sct unit2
No ratings yet
sct unit2
16 pages
Vulnerability (Broken Authentication and Session Management)
No ratings yet
Vulnerability (Broken Authentication and Session Management)
4 pages
Application Security Introduction - Overview PT 2
No ratings yet
Application Security Introduction - Overview PT 2
40 pages
Case Study 2 Security in Web Application
No ratings yet
Case Study 2 Security in Web Application
8 pages
Broken Authentication Vulnerability Report
No ratings yet
Broken Authentication Vulnerability Report
1 page
5 Mins Presentation-Session Vulnerabilities
No ratings yet
5 Mins Presentation-Session Vulnerabilities
7 pages
UNIT V_ ATTACKING AUTHENTICATION_ _
No ratings yet
UNIT V_ ATTACKING AUTHENTICATION_ _
58 pages
Project Report On WAPT
No ratings yet
Project Report On WAPT
3 pages
Web Application (Muthoot - Com) - Pentesting - Revalidation - Report - 26-4-2023
No ratings yet
Web Application (Muthoot - Com) - Pentesting - Revalidation - Report - 26-4-2023
148 pages
Hacking Web Applications
No ratings yet
Hacking Web Applications
23 pages
ServiceNow Certified Implementation Specialist: Software Asset Management - Study Notes
From Everand
ServiceNow Certified Implementation Specialist: Software Asset Management - Study Notes
Steve Brown
No ratings yet
ISA - Report Format - Docx - 20240524 - 094710 - 0000
No ratings yet
ISA - Report Format - Docx - 20240524 - 094710 - 0000
8 pages
Web Penetration Report OWASP (1) (1)
No ratings yet
Web Penetration Report OWASP (1) (1)
16 pages
DES_223
No ratings yet
DES_223
13 pages
Cyber Hackathon
No ratings yet
Cyber Hackathon
32 pages
Owasp Top 10
No ratings yet
Owasp Top 10
9 pages
AppSec A2-Broken Authentication
No ratings yet
AppSec A2-Broken Authentication
5 pages
Web Application Vulnerabilities
No ratings yet
Web Application Vulnerabilities
4 pages
Must Know Hacking!3
No ratings yet
Must Know Hacking!3
60 pages
Audit
No ratings yet
Audit
25 pages
Additional Task 2
No ratings yet
Additional Task 2
9 pages
Test Portal: Vulnerability Assessment & Penetration Testing
No ratings yet
Test Portal: Vulnerability Assessment & Penetration Testing
12 pages
web application vulnerability mitigation report
No ratings yet
web application vulnerability mitigation report
2 pages
Web Application Vulnerability Assessment Checklist v1
No ratings yet
Web Application Vulnerability Assessment Checklist v1
16 pages
Hacking in Web Applications
No ratings yet
Hacking in Web Applications
8 pages
Carsome Customer Facing Mobile Application
No ratings yet
Carsome Customer Facing Mobile Application
23 pages
threat modeling
No ratings yet
threat modeling
7 pages
Comprehensive VAPT Report_ Technical Findings & Recommendations 2
No ratings yet
Comprehensive VAPT Report_ Technical Findings & Recommendations 2
24 pages
PenTest Proposal
No ratings yet
PenTest Proposal
8 pages
Session Hijacking Attacks
No ratings yet
Session Hijacking Attacks
18 pages
Task_2 WAPT_Report-1
No ratings yet
Task_2 WAPT_Report-1
9 pages
The Hidden Gap in Web Application Security User Sessions
No ratings yet
The Hidden Gap in Web Application Security User Sessions
12 pages
Vulnerabilities
No ratings yet
Vulnerabilities
9 pages
web Application vuLnerability
No ratings yet
web Application vuLnerability
2 pages
Client Web Application Assessment Report Dummy
No ratings yet
Client Web Application Assessment Report Dummy
29 pages
Module16
No ratings yet
Module16
5 pages
API Pentesting Mindmap While Trying To Attack
No ratings yet
API Pentesting Mindmap While Trying To Attack
1 page
Unit-2
No ratings yet
Unit-2
25 pages
ISA Certified Automation Professional (CAP) Associate Study Notes: 500 Study Notes for Accelerated Certification Success
From Everand
ISA Certified Automation Professional (CAP) Associate Study Notes: 500 Study Notes for Accelerated Certification Success
Steve Brown
No ratings yet
Security Vulnerability
No ratings yet
Security Vulnerability
5 pages
Logical Vulnerabilities
No ratings yet
Logical Vulnerabilities
9 pages
Broken Authentication
No ratings yet
Broken Authentication
3 pages
Final Penetration Testing Report
No ratings yet
Final Penetration Testing Report
4 pages
TASK1.0
No ratings yet
TASK1.0
12 pages
NCHL Patched
No ratings yet
NCHL Patched
28 pages
Task 2 The Red Users
No ratings yet
Task 2 The Red Users
9 pages
Report - Phan Nguyen Thi
No ratings yet
Report - Phan Nguyen Thi
15 pages
Topic 6 Web Security
No ratings yet
Topic 6 Web Security
15 pages

Failure to Invalidate session - on logout - Client side Server side - Without Burp

Uploaded by

Failure to Invalidate session - on logout - Client side Server side - Without Burp

Uploaded by

Vulnerability - Broken authentication and session management-failure to invalidate

session on logout (client-side/server-side)

Description - This application fails to invalidate a user’s session on logout,

You might also like