Session Fixation in gunet/openeclass

Valid

Reported on

Sep 29th 2021


Description

The Cookie before & after user login doesn't change

Proof of Concept

// PoC.js
1 Load website in a new browser
2 Get cookie before login
3 Login to website
4 Get cookie after login
Compare those 2 values

Impact

Through other attack methods such as XSS, the attacker can store the user's cookies and access them later.

We created a GitHub Issue asking the maintainers to create a SECURITY.md 2 months ago
We have contacted a member of the gunet/openeclass team and are waiting to hear back 2 months ago
gunet/openeclass maintainer validated this vulnerability a month ago
lethanhphuc has been awarded the disclosure bounty
The fix bounty is now up for grabs
gunet/openeclass maintainer confirmed that a fix has been merged on 21105c a month ago
The fix bounty has been dropped
gunet/openeclass maintainer
a month ago

Maintainer


Thanks for the report! We have applied a fix to the next release branch (3.12.x) and will be porting it forward to the default (4.0 future release) branch.

lethanhphuc
a month ago

Researcher


You're welcome ^^