| Title | Engineers Online Portal Web 1.0 After the password change user must be logged out |
|---|
| Description | Dear Janno palacios,
I hope this message finds you well.
I would like to express my gratitude for your valuable time and attention.
My brother and I have successfully identified a medium-level vulnerability, "After the password change user must be logged out", within your Engineers Online Portal Application.
Consequently, I am writing this email to provide you with a comprehensive Proof of Concept, including a video demonstration and relevant screenshots.
Furthermore, I would like to kindly request your consideration in assigning a CVE identifier to this discovery. I have attached a previous example for the same application for your reference.
Link for the previous CVE https://vuldb.com/?id.249182
Thank you once again for your time, and I look forward to your response.
Sincerely,
Ahmed Hassan
-----
The user should be logged out from all open sessions after changing the password cause this is a process the user does to protect his account in case any attacker is inside his/her account.
So by changing the password, all users must authenticate themselves again. In this way, the hacker will be thrown out of the session and the user can protect his/her account.
after the password change user must be logged out
let see :)
As you can see i have not been logged out from any session.
Whether from the current or from the private browser.
Thank you for watching :) |
|---|
| Source | ⚠️ https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo |
|---|
| User | ahmed8199 (UID 60803) |
|---|
| Submission | 01/02/2024 15:19 (2 years ago) |
|---|
| Moderation | 01/06/2024 09:30 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 249816 [SourceCodester Engineers Online Portal 1.0 Password Change change_password_teacher.php session expiration] |
|---|
| Points | 20 |
|---|