npxTSC / Sparklet

Personal pet project site. Perpetually under maintenance. <3
https://sparklet.org/

Possible to log anyone out without prior authentication #33

Closed Lamby777 closed 1 year ago

Lamby777 commented 1 year ago

Specifically, this part in app.ts

case "Log Out":
    if (!row) return;

    // Remove auth cookie stuff
    res.cookie("user", null);
    res.cookie("luster", null);

    await db.editLoginToken(row.uuid, null);

    return res.redirect("/login");

Gonna fix later, but a little busy with other stuff right now.

Lamby777 commented 1 year ago

Tested, secure. @IIIzP0III have you tried pentesting with this?

Lamby777 commented 1 year ago

Better solution: logging out doesn't even access the DB. It should only remove the auth cookie. It's not like anyone's gonna brute-force the auth cookie, anyway... otherwise, it wouldn't be secure to use at all!
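As an added example, not Sparklet's own code, of the approach in the last comment: drop the cookies unconditionally, and only revoke the server-side token when the request presents the matching `luster` value. `db.editLoginToken` is the name from the issue; the in-memory DB, `findByUuid`, and the request/response shapes are assumptions made so the snippet runs stand-alone.

```typescript
// Added example (not Sparklet's own code). `db.editLoginToken` is named in the
// issue; the in-memory DB, findByUuid and the req/res shapes are assumptions.
interface UserRow { uuid: string; loginToken: string | null; }
interface Req { cookies: Record<string, string | undefined>; }
interface Res {
  cleared: string[];
  redirectedTo: string | null;
  clearCookie(name: string): void;
  redirect(url: string): void;
}
// Minimal stand-in for the real DB layer.
class MemoryDb {
  private rows: Record<string, UserRow> = {};
  constructor(rows: UserRow[]) {
    for (const r of rows) this.rows[r.uuid] = { uuid: r.uuid, loginToken: r.loginToken };
  }
  findByUuid(uuid: string): UserRow | undefined { return this.rows[uuid]; }
  editLoginToken(uuid: string, token: string | null): void {
    const row = this.rows[uuid];
    if (row) row.loginToken = token;
  }
}
// Constant-time equality (in Node, crypto.timingSafeEqual on Buffers is the usual choice).
function tokensMatch(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}
// Hardened "Log Out": always drop the client's cookies, but only revoke the stored
// token when the request proves it holds it; naming a uuid alone revokes nothing.
function logOut(db: MemoryDb, req: Req, res: Res): void {
  const uuid = req.cookies["user"];
  const presented = req.cookies["luster"];
  res.clearCookie("user");
  res.clearCookie("luster");
  if (uuid && presented) {
    const row = db.findByUuid(uuid);
    if (row && row.loginToken && tokensMatch(row.loginToken, presented)) {
      db.editLoginToken(row.uuid, null);
    }
  }
  res.redirect("/login");
}
// Test double for the response object.
function makeRes(): Res {
  return { cleared: [], redirectedTo: null,
    clearCookie(name) { this.cleared.push(name); },
    redirect(url) { this.redirectedTo = url; } };
}
```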