Reliance on Cookies without Validation and Integrity Checking in erudika/scoold

Valid

Reported on Jul 10th 2021


Reuse of cookies:

The cookies are not expiring after sign out. Once the user signs out of his account, the cookies need to be expired and should not be reusable. But in this case, an attacker can grab the cookies and use them to log into a user's account.

POC:

1) Go to https://live.scoold.com/
2) Login using your credentials
3) Now copy the cookies
4) Log out of your account
5) Go to Mozilla and paste the cookies
6) You will be logged into the user's account

P.S: I apologise if I set the permalink wrong, but I am kind of new to this

We have contacted a member of the erudika/scoold team and are waiting to hear back a year ago
sudheendra17 modified the report a year ago

Alex (Maintainer), a year ago:
That's right - those cookies contain JWTs which only expire when the value of the exp property is reached. This is a "won't fix".
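The behaviour described in the report and confirmed above, worked through as an added example. This is not Scoold's code and not the change in commit c25189; it shows why a purely stateless check (signature plus `exp`) keeps accepting a cookie that was copied before logout, and one common server-side mitigation. The mitigation is an assumption for illustration: the server keeps a denylist of revoked token ids (`jti`) so that logout actually invalidates the token. The key `SECRET`, the `SessionStore` class, the timestamps and the `jti` values are all constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Constructed demo key; a real deployment loads this from configuration.
SECRET = b"constructed-demo-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, jti: str, now: int, ttl: int = 3600) -> str:
    """Mint an HS256 JWT carrying sub, jti, iat and exp, as a session cookie would."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": user, "jti": jti, "iat": now, "exp": now + ttl}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_stateless(token: str, now: int):
    """The check the maintainer describes: signature plus exp, nothing else.

    Returns the claims when the token is acceptable, otherwise None. A copy of
    the cookie made before logout passes this check until exp is reached.
    """
    try:
        h, p, s = token.split(".")
        sig = _b64url_decode(s)
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
    except (ValueError, binascii.Error):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    # Pin the algorithm so the header cannot downgrade the check.
    if header.get("alg") != "HS256":
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return None
    return claims


class SessionStore:
    """Assumed mitigation: a server-side denylist of revoked token ids (jti).

    Logout records the jti; authentication rejects any token whose jti is on
    the list even though its signature and exp would still pass. Entries can
    be dropped once the token's own exp has passed, so the list stays small.
    """

    def __init__(self):
        self._revoked = {}  # jti -> exp of the revoked token

    def logout(self, token: str, now: int) -> bool:
        """Revoke the presented token. Returns False if it was not valid anyway."""
        claims = verify_stateless(token, now)
        if claims is None:
            return False
        self._revoked[claims["jti"]] = claims["exp"]
        return True

    def authenticate(self, token: str, now: int):
        """Return the user for a token that is valid AND not revoked, else None."""
        claims = verify_stateless(token, now)
        if claims is None or claims.get("jti") in self._revoked:
            return None
        return claims["sub"]

    def purge_expired(self, now: int) -> int:
        """Drop denylist entries whose token has expired on its own."""
        before = len(self._revoked)
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}
        return before - len(self._revoked)


if __name__ == "__main__":
    t0 = 1_625_875_200  # constructed timestamp
    cookie = issue_token("alice", "jti-0001", t0)
    store = SessionStore()
    store.logout(cookie, t0 + 60)
    print("stateless check still accepts after logout:", verify_stateless(cookie, t0 + 120) is not None)
    print("denylist check after logout:", store.authenticate(cookie, t0 + 120))
```

Clearing the cookie in the browser on logout (`Set-Cookie` with `Max-Age=0`) is still worth doing, but it does nothing for a value that was already copied; only server-side state (a `jti` denylist as here, or a per-user token version that logout increments) closes that window. The trade-off is that the check is no longer fully stateless, which is the reason projects sometimes accept the residual risk and rely on a short `exp`.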

Alex Bogdanovski validated this vulnerability a year ago
sudheendra17 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alex Bogdanovski marked this as fixed with commit c25189 a year ago
Alex Bogdanovski has been awarded the fix bounty
This vulnerability will not receive a CVE