Use of Cache Containing Sensitive Information in publify/publify
Reported on
Oct 8th 2021
Description
publify does not use secure Cache-Control headers.
Proof of Concept
1: Log in to the application
2: Click on the admin link https://demo-publify.herokuapp.com/admin
3: Log out
4: Press the back button of the opened tab to see that you can still view the information.
Impact
This issue is capable of storing sensitive page data in the browser, leading to situations where a physical attacker can press the browser back button to reveal information.
Recommended Fix
Add the Cache-Control header containing 'no-store' and 'no-cache' directives.
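One way to apply the recommended fix, shown as an added example that is not part of the original report and is not Publify's own code: a Rack middleware that forces the recommended directives on admin responses, plus a small audit helper. The names `NoStoreForAdmin`, `storable?` and `DEMO_APP` are hypothetical, and the `/admin` prefix is assumed from the URL in the proof of concept.

```ruby
# Added example, not Publify's code. Rack middleware that forces the
# directives the report recommends on admin responses.
class NoStoreForAdmin
  # Assumption: "/admin" is taken from the URL in the report.
  PROTECTED_PREFIXES = ["/admin"].freeze
  # Headers that could contradict or weaken the no-store policy.
  CONFLICTING = %w[cache-control pragma expires].freeze

  def initialize(app, prefixes: PROTECTED_PREFIXES)
    @app = app
    @prefixes = prefixes
  end

  def call(env)
    status, headers, body = @app.call(env)
    if protected_path?(env["PATH_INFO"].to_s)
      # Header names are case-insensitive: drop every spelling first.
      headers = headers.reject { |name, _| CONFLICTING.include?(name.to_s.downcase) }
      headers["cache-control"] = "no-store, no-cache"
      headers["pragma"] = "no-cache" # for HTTP/1.0 caches
    end
    [status, headers, body]
  end

  private

  # Match "/admin" and "/admin/..." but not "/administrator".
  def protected_path?(path)
    @prefixes.any? { |p| path == p || path.start_with?("#{p}/") }
  end
end

# Audit helper: true when the response may be kept by the browser.
def storable?(headers)
  value = headers.find { |name, _| name.to_s.casecmp?("cache-control") }&.last.to_s
  !value.downcase.split(",").map(&:strip).include?("no-store")
end

# Constructed inner app standing in for an admin page; the header value
# is a sample of a response that lacks no-store.
DEMO_APP = lambda do |_env|
  [200, { "Cache-Control" => "max-age=0, private, must-revalidate" }, ["admin page"]]
end
```

In a Rack-based application the middleware would be placed in the stack ahead of the app, and `storable?` can be run over captured response headers to confirm the fix.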
@0xAmal please fix word wrapping in this report.
Description publify does not use secure Cache-Control headers.
Proof of Concept 1: Log in to the application 2: Click on the admin link https://demo-publify.herokuapp.com/admin 3: Log out 4: Press the back button of the opened tab to see that you can still view the information. Impact This issue is capable of storing sensitive page data in the browser, leading to situations where a physical attacker can press the browser back button to reveal information.
Recommended Fix Add the Cache-Control header containing 'no-store' and 'no-cache' directives.
Yes, thanks. Are you also able to adjust the original report?
@0xAmal why does the report have purple words? It's just text and shouldn't have syntax highlighting. Are you using Markdown code blocks?