Project

General

Profile

Actions

Defect #19581

closed

_redmine_session cookie security flaw

Added by Marcelo Dalmao over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

Once logged in redmine , simply look for the cookie is generated and then use it to log in from another browser, without knowing your user name and password . It's a big security breach because anyone with access to copy the cookie , you can logging of that user without any approval of the person and without being detected.

Actions

Also available in: Atom PDF