| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Jun 2014 20:21:44 +0200 From: "Christian K." <waffenklang@...glemail.com> To: fulldisclosure@...lists.org Subject: [FD] Session Hijack Vulnerabilty on ebays german want ad? Hi, i have a question if this is an attack vector (website is german want ad branch from ebay kleinanzeigen.ebay.de prob. english site affected too): On Computer A the browser (FF) has an open tab with the site where, when visited, user A is always signed on (because the specific site is the user panel). On Computer B user A wants to log into his account, but forgot his password. He successfully changed his password using the "forgot password" button and was able to log in. Then user A moves from Computer B to Computer A (which was off at the time user A was at Computer B) and starts its browser where he realizes that he is still logged into his account on the site without any password confirmation. As this happend to me, the question is: is this an attack vector (I assume it is) and how can I as a user protect myself? Am not really into security engineering (just non-sec-related software engineering...), so forgive my dumbness! Thanks. C. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists