The UI Performs the Wrong Action in robotichead/nearbeach


Reported on

Oct 16th 2021


Sensitive data on the application can be exposed after the user logs out

Proof of Concept

1. Log in to the application ( )

2. Go to a page like My Account, or any other page

3. Click logout

4. Click the browser back button


When a user logs out without closing the browser, someone can view the information inside by clicking the back button on the browser.


Not sure about the exact file and line of occurrence.

Add this code to resolve this issue:

addHeader("Cache-Control", "no-cache, no-store, must-revalidate");
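
As an added example (not part of the original report and not NearBeach's own code), the header from the suggested fix can be applied to every dynamic response with a small WSGI middleware, so a page rendered before logout is not stored for the back button to redisplay. `NoStoreMiddleware`, `account_page`, `fetch_headers` and the `/static/` prefix are assumptions made for the illustration.

```python
# Added example (not NearBeach code): WSGI middleware that forces the
# Cache-Control value from the report onto every dynamic response.
from wsgiref.util import setup_testing_defaults

NO_STORE = "no-cache, no-store, must-revalidate"  # value quoted in the report
STATIC_PREFIX = "/static/"  # assumption: static assets may stay cacheable


class NoStoreMiddleware:
    def __init__(self, app, static_prefix=STATIC_PREFIX):
        self.app = app
        self.static_prefix = static_prefix

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "").startswith(self.static_prefix):
            return self.app(environ, start_response)

        def patched_start(status, headers, exc_info=None):
            # Drop any Cache-Control the view set, so a stray "public" or
            # "max-age" cannot sit beside no-store and confuse caches.
            kept = [(k, v) for k, v in headers if k.lower() != "cache-control"]
            kept.append(("Cache-Control", NO_STORE))
            return start_response(status, kept, exc_info)

        return self.app(environ, patched_start)


def account_page(environ, start_response):
    # Constructed stand-in for a page such as "My Account".
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "max-age=3600")])
    return [b"<h1>My Account</h1>"]


def fetch_headers(app, path):
    """Call a WSGI app for `path` and return its response headers as a dict."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    list(app(environ, start_response))
    return captured
```

Calling `fetch_headers(NoStoreMiddleware(account_page), "/my_account/")` shows the view's `max-age=3600` replaced by the no-store value, while a path under `/static/` keeps the header the view set.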

We have contacted a member of the robotichead/nearbeach team and are waiting to hear back a year ago
robotichead validated this vulnerability a year ago
Asura-N has been awarded the disclosure bounty
The fix bounty is now up for grabs
a year ago



We have tried to re-replicate this issue, however we cannot anymore. Can you please confirm that you cannot re-replicate this issue?

Thank you

Regards Robotichead

a year ago


Issue is fixed

Thank you Regards Asura-n

robotichead confirmed that a fix has been merged on 157f7c a year ago
The fix bounty has been dropped has been validated