Reliance on Cookies without Validation and Integrity Checking in erudika/scoold
Reported on
Jul 10th 2021
Reuse of cookies:
The cookies do not expire after sign out. Once the user signs out of his account, the cookies need to be expired and should not be reusable. But in this case, an attacker can grab the cookies and use them to log into the user's account.
POC:
1) Go to https://live.scoold.com/
2) Log in using your credentials
3) Now copy the cookies
4) Log out of your account
5) Go to Mozilla and paste the cookies
6) You will be logged into the user's account
P.S.: I apologise if I set the permalink wrong, but I am kind of new to this
That's right - those cookies contain JWTs which only expire when the value of the exp property is reached. This is a "won't fix".
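The behaviour in the PoC above and the maintainer's explanation of it, as an added example that is not part of the original report or of Scoold's own code: a hand-rolled HS256 JWT issuer and two verifiers. The first checks only the signature and the exp claim, which is the stateless model the reply describes, so a cookie copied before logout keeps working until exp. The second also compares a per-user token version that logout increments, so the same cookie is rejected as soon as the user signs out. The signing key, user name, token-version store and fixed clock are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side HS256 key (constructed for the example).
SECRET = b"example-only-hs256-key"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(user: str, version: int, now: int, ttl: int = 3600) -> str:
    """Mint an HS256 JWT carrying sub, iat, exp and a per-user version claim."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user, "iat": now, "exp": now + ttl, "ver": version}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_stateless(token: str, now: int):
    """What the report observes: signature and exp are the only checks,
    so nothing the server does at logout can invalidate the token."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        payload = json.loads(b64url_decode(p))
    except (ValueError, json.JSONDecodeError):
        return None
    if header.get("alg") != "HS256":          # refuse alg confusion
        return None
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return payload


class SessionStore:
    """Minimal server-side state: the current token version per user.
    Logout bumps the version, which invalidates every earlier token."""

    def __init__(self):
        self.version = {}

    def current(self, user: str) -> int:
        return self.version.get(user, 0)

    def logout(self, user: str) -> None:
        self.version[user] = self.current(user) + 1


def verify_with_revocation(token: str, now: int, store: SessionStore):
    """Stateless checks plus a version comparison against the store."""
    payload = verify_stateless(token, now)
    if payload is None:
        return None
    if payload.get("ver") != store.current(payload["sub"]):
        return None  # token was issued before the last logout
    return payload


def demo():
    """Replays the PoC: copy the cookie, log out, present the cookie again.
    Returns ((stateless_ok, revocable_ok) before logout, same after)."""
    store = SessionStore()
    now = 1_625_900_000  # constructed fixed clock for determinism
    token = issue_token("alice", store.current("alice"), now)
    before = (
        verify_stateless(token, now) is not None,
        verify_with_revocation(token, now, store) is not None,
    )
    store.logout("alice")
    after = (
        verify_stateless(token, now + 60) is not None,
        verify_with_revocation(token, now + 60, store) is not None,
    )
    return before, after


if __name__ == "__main__":
    print(demo())  # ((True, True), (True, False))
```

The version claim is one of two usual fixes; the other is to give each token a jti and keep a denylist of revoked ids until their exp passes. Both require the server to hold a little state per user or per token, which is exactly the trade-off a pure JWT-in-cookie design avoids and why the reply marks it "won't fix".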