webcompat / web-bugs

A place to report bugs on websites.
https://webcompat.com
Mozilla Public License 2.0

readms.net - see bug description #20591

Closed webcompat-bot closed 5 years ago

webcompat-bot commented 5 years ago

URL: https://readms.net/account/recovery/25591/4c988a2735868208f40de7137331b544f2d28040a3581d195e82811c945c3f9f

Browser / Version: Firefox 64.0

Operating System: Windows 7

Tested Another Browser: Yes

Problem type: Something else

Description: Vulnerability Report (2) Failure to invalidate session on Password Reset

Steps to Reproduce:

Hi team,

Hope you are doing fine.

I am Ather Iqbal, Research Executive. I would like to bring to your kind attention that I found this VULNERABILITY in your WEBSITE.

VULNERABILITY (2) : Failure to invalidate session on Password Reset

DETAILS: We observe that when we change the password from the password reset form in one browser, in place of the session expiring in the other browser, it just updates the password from the other browser and the old session gets updated without being logged out.

STEPS TO CHECK SESSION MANAGEMENT ISSUED ON PASSWORD RESET:

1- Log in to your account in one browser.
2- Generate a password reset link in a second browser for the same account.
3- Open the password reset link in the second browser and change the password.
4- Your session got updated in place of expiration in the other browser.

RECOMMENDATIONS:

Considering the above vulnerability, we suggest that you kindly revisit your website design with your web development team.

If the session is updating from one browser, the other should expire first to renew the session after login.

We will be more than happy to hear from you in this regard.

Have a nice day.

Best Regards

Browser Configuration
  • mixed active content blocked: false
  • image.mem.shared: true
  • buildID: 20181025233934
  • tracking content blocked: false
  • gfx.webrender.blob-images: true
  • hasTouchScreen: false
  • mixed passive content blocked: false
  • gfx.webrender.enabled: false
  • gfx.webrender.all: false
  • channel: beta

Console Messages:


From webcompat.com with ❤️
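The four steps in the report above, replayed against a small in-memory session store with and without session revocation on password reset. This is an added example, not part of the original issue and not the site's code; `AccountStore`, `old_session_survives`, the account name and the passwords are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets


class AccountStore:
    """In-memory accounts, sessions and reset tokens (all names hypothetical)."""

    def __init__(self, revoke_on_reset):
        self.revoke_on_reset = revoke_on_reset
        self._users = {}     # username -> (salt, PBKDF2 hash)
        self._sessions = {}  # session id -> username
        self._resets = {}    # SHA-256 of reset token -> username

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._kdf(password, salt))

    def login(self, username, password):
        salt, stored = self._users.get(username, (b"", b""))
        if not stored or not hmac.compare_digest(stored, self._kdf(password, salt)):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid

    def session_user(self, sid):
        return self._sessions.get(sid)

    def request_reset(self, username):
        if username not in self._users:
            return None
        token = secrets.token_urlsafe(32)
        # Store only a hash, so a leaked table does not yield usable links.
        self._resets[hashlib.sha256(token.encode()).hexdigest()] = username
        return token

    def reset_password(self, token, new_password):
        digest = hashlib.sha256(token.encode()).hexdigest()
        username = self._resets.pop(digest, None)  # reset links are single use
        if username is None:
            return False
        self.set_password(username, new_password)
        if self.revoke_on_reset:
            # The fix: drop every session issued under the old credential,
            # plus any other reset links still outstanding for the account.
            self._sessions = {s: u for s, u in self._sessions.items() if u != username}
            self._resets = {d: u for d, u in self._resets.items() if u != username}
        return True


def old_session_survives(revoke_on_reset):
    """Replay the report's four steps; True means the old session still works."""
    store = AccountStore(revoke_on_reset)
    store.set_password("alice", "old-password")          # constructed account
    browser_one = store.login("alice", "old-password")   # step 1
    token = store.request_reset("alice")                 # step 2
    if not store.reset_password(token, "new-password"):  # step 3
        raise RuntimeError("reset failed")
    return store.session_user(browser_one) == "alice"    # step 4


if __name__ == "__main__":
    print("without revocation:", old_session_survives(False))
    print("with revocation:   ", old_session_survives(True))
```

The same four-step replay works as a regression test against a real application: keep the first browser's cookie, complete the reset elsewhere, then confirm the kept cookie is rejected.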

softvision-oana-arbuzov commented 5 years ago

Thanks for the report, but this is not a Compatibility issue.

For this project we try to focus our effort on layouts, features or content that works as expected in one browser but not in another. Closing the issue as Invalid.

Suggestion: Contact the site owner and point out the issue.

lock[bot] commented 5 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue at https://webcompat.com/issues/new if you are experiencing a similar problem.