Open Loginsoft-Research opened 5 years ago
The issue was assigned CVE-2019-7350. Any plans to commit a fix?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
When is this high-priority CVE planned to be resolved?
Describe Your Environment
Describe the bug
Before any response is rendered on the web page, a cookie is set as part of the response via the Set-Cookie header. Currently, due to improper implementation, multiple cookies (3-5) are being set when a user successfully logs in, which isn't the expected behavior. Now when the next user logs into the application using the same browser, the last user's last cookie is being set as the present user's first cookie.
To Reproduce
Log in to the application, capture the response (Live HTTP header add-on for Firefox)
Multiple Set-Cookie headers will be present in the response
Exploitation
Actors-
User B's cookie:
Set-Cookie: ZMSESSID=rrnilufc9vgb3cp0l2m7cqrc91; path=/; HttpOnly
Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly
Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly
Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly
Set-Cookie: ZMSESSID=p79d4mk2g6sm5qi6o51ep6j6m5; path=/; HttpOnly - Common to User A's First cookie
User A's cookie -
Set-Cookie: ZMSESSID=p79d4mk2g6sm5qi6o51ep6j6m5; path=/; HttpOnly - Common to User B's Last cookie
Set-Cookie: ZMSESSID=2397j5pchtgt153ukrmutgbmv1; path=/; HttpOnly
Set-Cookie: ZMSESSID=2397j5pchtgt153ukrmutgbmv1; path=/; HttpOnly
Set-Cookie: ZMSESSID=2397j5pchtgt153ukrmutgbmv1; path=/; HttpOnly
Set-Cookie: ZMSESSID=eg5hvsn3i67n34fibt5nq7lbu6; path=/; HttpOnly
Expected behavior
Debug Logs
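A check a defender could run over captured login responses for the two symptoms this report describes, as an added example that is not part of the original issue or the project's code: it flags a login response that sets the session cookie more than once, and a session ID that shows up in more than one user's login response. The function names and finding labels are assumptions; the header lines are the ones quoted in the report.

```python
SESSION_COOKIE = "ZMSESSID"

# Set-Cookie headers copied from this report, in login order (User B first, then User A).
CAPTURED = {
    "User B": [
        "Set-Cookie: ZMSESSID=rrnilufc9vgb3cp0l2m7cqrc91; path=/; HttpOnly",
        "Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly",
        "Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly",
        "Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly",
        "Set-Cookie: ZMSESSID=p79d4mk2g6sm5qi6o51ep6j6m5; path=/; HttpOnly",
    ],
    "User A": [
        "Set-Cookie: ZMSESSID=p79d4mk2g6sm5qi6o51ep6j6m5; path=/; HttpOnly",
        "Set-Cookie: ZMSESSID=2397j5pchtgt153ukrmutgbmv1; path=/; HttpOnly",
        "Set-Cookie: ZMSESSID=2397j5pchtgt153ukrmutgbmv1; path=/; HttpOnly",
        "Set-Cookie: ZMSESSID=2397j5pchtgt153ukrmutgbmv1; path=/; HttpOnly",
        "Set-Cookie: ZMSESSID=eg5hvsn3i67n34fibt5nq7lbu6; path=/; HttpOnly",
    ],
}


def session_ids(header_lines, name=SESSION_COOKIE):
    """Return every value set for cookie `name`, in header order."""
    ids = []
    for line in header_lines:
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        # The cookie pair is everything before the first ';' attribute.
        key, _, val = value.split(";", 1)[0].strip().partition("=")
        if key == name:
            ids.append(val)
    return ids


def audit(logins):
    """logins: ordered mapping of user -> header lines of that user's login response."""
    findings, owner = [], {}
    for user, header_lines in logins.items():
        ids = session_ids(header_lines)
        if len(ids) > 1:
            findings.append(("multiple-set-cookie", user, len(ids)))
        for sid in dict.fromkeys(ids):  # de-duplicate, keep order
            if owner.setdefault(sid, user) != user:
                findings.append(("id-reused-across-logins", owner[sid], user, sid))
    return findings


if __name__ == "__main__":
    print(*audit(CAPTURED), sep="\n")
```

On the captured headers this reports five session cookies in each login response and one ID, `p79d4mk2g6sm5qi6o51ep6j6m5`, present in both users' responses.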