Reliance on Cookies without Validation and Integrity Checking in erudika/scoold

Valid

Reported on

Jul 10th 2021


Reuse of cookies:

The cookies do not expire after sign-out. Once the user signs out of their account, the cookies need to be expired and should not be reusable. But in this case, an attacker can grab the cookies and use them to log into the user's account.

POC:

1) Go to https://live.scoold.com/
2) Log in using your credentials
3) Now copy the cookies
4) Log out of your account
5) Go to Mozilla and paste the cookies
6) You will be logged into the user's account

P.S.: I apologise if I set the permalink wrong, but I am kind of new to this.

We have contacted a member of the erudika/scoold team and are waiting to hear back (7 months ago)
sudheendra17 modified their report (7 months ago)

Alex (Maintainer), 7 months ago:

That's right - those cookies contain JWTs which only expire when the value of the exp property is reached. This is a "won't fix".
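The maintainer's reply above describes the mechanism behind the finding: a signed JWT in a cookie is self-contained, so a stateless server has no way to "forget" it at sign-out, and a copied cookie keeps authenticating until its `exp` claim is reached. The following is an added example, not code from the report, from scoold, or from the fix commit referenced below; it assumes an HS256 token with a `jti` claim, a demo signing key, and constructed timestamps. It reproduces the reporter's steps against a stateless session store (sign-out does nothing, replay succeeds) and against a revocable one that records the signed-out token's `jti` until its `exp` (replay fails). The denylist approach is one standard remedy, not necessarily the one scoold adopted.

```python
"""Why a JWT session cookie outlives sign-out, and one way to revoke it at logout."""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key for this example only; a real deployment loads it from config.
SECRET = b"demo-signing-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(subject: str, jti: str, now: int, ttl: int = 3600) -> str:
    """Mint an HS256 JWT. 'jti' is a unique token id that a denylist can key on."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "jti": jti, "iat": now, "exp": now + ttl}
    signing_input = (_b64url(json.dumps(header).encode()) + "."
                     + _b64url(json.dumps(claims).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, now: int) -> Optional[dict]:
    """Stateless check: algorithm, signature and exp only. Returns claims or None."""
    try:
        h, c, s = token.split(".")
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, (h + "." + c).encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        claims = json.loads(_b64url_decode(c))
        if now >= int(claims["exp"]):
            return None  # the ONLY way a purely stateless token ever stops working
        return claims
    except (ValueError, KeyError, TypeError):
        return None


class StatelessSessions:
    """Mirrors the reported behaviour: sign-out keeps no server-side state,
    so a copied cookie keeps authenticating until exp."""

    def logout(self, token: str, now: int) -> None:
        pass  # nothing to forget: the server never stored the session

    def is_logged_in(self, token: str, now: int) -> bool:
        return verify_jwt(token, now) is not None


class RevocableSessions:
    """Hardened variant: sign-out records the token's jti until its exp,
    and every request consults that denylist after the signature check."""

    def __init__(self) -> None:
        self._revoked: dict = {}  # jti -> exp, so entries can be pruned

    def logout(self, token: str, now: int) -> None:
        claims = verify_jwt(token, now)
        if claims is not None:
            self._revoked[claims["jti"]] = int(claims["exp"])

    def is_logged_in(self, token: str, now: int) -> bool:
        for jti, exp in list(self._revoked.items()):  # drop entries past exp
            if now >= exp:
                del self._revoked[jti]
        claims = verify_jwt(token, now)
        return claims is not None and claims["jti"] not in self._revoked


def replay_after_logout(sessions, now: int = 1_700_000_000) -> dict:
    """The report's steps: log in, copy the cookie, sign out, then present the
    copied cookie from another browser. Also tries a forged 'sub' claim."""
    token = issue_jwt("alice", jti="t-1", now=now, ttl=3600)
    copied = token                       # attacker grabbed the cookie value
    sessions.logout(token, now + 60)     # victim signs out
    h, c, s = copied.split(".")
    forged_claims = dict(json.loads(_b64url_decode(c)), sub="admin")
    forged = h + "." + _b64url(json.dumps(forged_claims).encode()) + "." + s
    return {
        "copied_cookie_still_valid": sessions.is_logged_in(copied, now + 120),
        "valid_after_exp": sessions.is_logged_in(copied, now + 3600),
        "forged_sub_rejected": sessions.is_logged_in(forged, now + 120) is False,
    }
```

With `StatelessSessions`, `copied_cookie_still_valid` is `True`: the replayed cookie works until `exp`, exactly as in the POC, while the forged claim is still rejected because the signature no longer matches. With `RevocableSessions` the same replay returns `False` after sign-out. The cost of the fix is a small piece of server-side state per signed-out token, bounded by the token lifetime, which is why short `exp` values and revocation are complementary rather than alternatives.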

Alex Bogdanovski validated this vulnerability 7 months ago
sudheendra17 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alex Bogdanovski confirmed that a fix has been merged on c25189 a month ago
Alex Bogdanovski has been awarded the fix bounty