Account creation session hijack bug
Device:
Browser:
OS:
Steps to reproduce:
1. Create account
2. Get redirected to the front page
3. Notice sid is in the URL. This is not secure since I could copy and paste this link not knowing it's my session id. Someone could hijack my session.
Anything else to add:
1
reply
2363 views
Description
Device:
Browser:
OS:
Steps to reproduce:
1. Create account
2. Get redirected to the front page
3. Notice sid is in the URL. This is not secure since I could copy and paste this link not knowing it's my session id. Someone could hijack my session.
Anything else to add:
Browser:
OS:
Steps to reproduce:
1. Create account
2. Get redirected to the front page
3. Notice sid is in the URL. This is not secure since I could copy and paste this link not knowing it's my session id. Someone could hijack my session.
Anything else to add:
Can be used to make Runewords:
Fixed•Go to post
SIDs have been in phpBB topic urls for 20 years and more. If there was a security concern about this I think they would have changed it by then.Auxis wrote: 3 years ago 3. Notice sid is in the URL. This is not secure since I could copy and paste this link not knowing it's my session id. Someone could hijack my session.
SIDs have been in phpBB topic urls for 20 years and more. If there was a security concern about this I think they would have changed it by then.Auxis wrote: 3 years ago 3. Notice sid is in the URL. This is not secure since I could copy and paste this link not knowing it's my session id. Someone could hijack my session.
Similar pages
-
-
-
-
-
switch bnet account connected?
by » » in Bug Reports
-
-
-
Advertisment
Hide ads
Greetings stranger!
You don't appear to be logged in...No matches
Auxis
0