Session Fixation in erudika/scoold (Valid)
Jul 6th 2021
Session Fixation vulnerability found in scoold in which it doesn't expire the sessions after password update.
Proof of Concept
Steps to reproduce:
1. Open the same account in a normal tab and in a private tab.
2. Change the password from either tab, say the private one, and then refresh the normal tab.
3. You will see that the session in the normal tab has not expired.
The session doesn't expire even after the victim changes the password.
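The missing control, as an added example that is not scoold's code: a minimal in-memory session store that ties each session to a per-user password version, so that a password change invalidates every session issued before it while the tab that made the change gets a fresh id. The class, the `invalidate_on_change` flag (False reproduces the reported behaviour) and the user names are constructed for illustration.

```python
import secrets

class SessionStore:
    """In-memory session store, constructed for illustration (not scoold's code).
    Each session records the user's password_version at issue time; bumping it on a
    password change invalidates every earlier session. invalidate_on_change=False
    reproduces the reported behaviour."""

    def __init__(self, invalidate_on_change=True):
        self.invalidate_on_change = invalidate_on_change
        self.users = {}     # username -> {"password": str, "password_version": int}
        self.sessions = {}  # session id -> {"user": str, "password_version": int}

    def login(self, username, password):
        user = self.users.get(username)
        if user is None or user["password"] != password:
            return None
        sid = secrets.token_urlsafe(32)  # fresh, unguessable id on every login
        self.sessions[sid] = {"user": username, "password_version": user["password_version"]}
        return sid

    def resolve(self, sid):
        """Username behind a live session, or None if unknown or stale."""
        sess = self.sessions.get(sid)
        if sess is None:
            return None
        if sess["password_version"] != self.users[sess["user"]]["password_version"]:
            self.sessions.pop(sid)  # issued before the password change: drop it
            return None
        return sess["user"]

    def change_password(self, sid, old_password, new_password):
        """Change the session owner's password; returns a fresh session id for the
        tab that made the change, or None if the session or old password is wrong."""
        username = self.resolve(sid)
        if username is None or self.users[username]["password"] != old_password:
            return None
        self.users[username]["password"] = new_password
        if self.invalidate_on_change:
            self.users[username]["password_version"] += 1
        return self.login(username, new_password)

def reproduce_report(invalidate_on_change=True):
    """Report steps: two tabs, change the password from the private one, refresh both."""
    store = SessionStore(invalidate_on_change)
    store.users["alice"] = {"password": "old-pw", "password_version": 0}
    normal_tab = store.login("alice", "old-pw")
    private_tab = store.login("alice", "old-pw")
    private_tab = store.change_password(private_tab, "old-pw", "new-pw")
    return store.resolve(normal_tab), store.resolve(private_tab)
```

With the fix, `reproduce_report()` returns `(None, 'alice')`: the untouched normal tab is logged out while the tab that changed the password keeps a new session; with `invalidate_on_change=False` both tabs stay logged in, which is the behaviour the report describes.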