Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V3 - Session Management

Old sessions are not invalidated after a password change

POC

  1. Log in as UserA
  2. Intercept one of the authenticated requests and send it to Burp Repeater
  3. Change the password via password reset or any other password-change functionality
  4. Send the intercepted request from Burp Repeater again and observe that it still succeeds: the old session was not invalidated
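As an added example (not part of the Cobalt wiki page), a minimal Python session store shows the vulnerable check beside a hardened one: each session records a per-user password generation counter, and a password change bumps that counter so every session issued before it is rejected on its next use. Class and function names here are assumed for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class User:
    password: str            # constructed stand-in: a real system stores a salted slow hash, never the password
    password_generation: int = 0   # incremented on every password change

@dataclass
class Session:
    username: str
    password_generation: int       # the user's counter value when this session was issued

class App:
    def __init__(self) -> None:
        self.users: Dict[str, User] = {}
        self.sessions: Dict[str, Session] = {}   # token -> session (in-memory for the example)

    def register(self, username: str, password: str) -> None:
        self.users[username] = User(password)

    def login(self, username: str, password: str) -> str:
        user = self.users[username]
        if not secrets.compare_digest(user.password, password):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(username, user.password_generation)
        return token

    def current_user_vulnerable(self, token: str) -> Optional[str]:
        # Vulnerable check: any token that exists is accepted, so sessions issued
        # before a password change keep working (the behaviour the POC reproduces).
        s = self.sessions.get(token)
        return s.username if s else None

    def current_user(self, token: str) -> Optional[str]:
        # Hardened check: the session must have been issued under the current password.
        s = self.sessions.get(token)
        if s is None:
            return None
        if s.password_generation != self.users[s.username].password_generation:
            del self.sessions[token]     # stale: issued before the last password change
            return None
        return s.username

    def change_password(self, username: str, new_password: str) -> None:
        user = self.users[username]
        user.password = new_password
        user.password_generation += 1    # every existing session for this user is now stale

def replay_after_password_change(check: str) -> bool:
    """Runs the POC: log in, keep the token, change the password, replay the token.
    Returns True if the old token is still accepted by the named check method."""
    app = App()
    app.register("UserA", "old-password")
    old_token = app.login("UserA", "old-password")   # steps 1-2: authenticated request captured
    app.change_password("UserA", "new-password")     # step 3
    return getattr(app, check)(old_token) == "UserA" # step 4: replay the captured request
```

After a password change the user who made it should be issued a fresh token via `login`, since their own pre-change session is deliberately stale as well.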

Impact

Low

Likelihood

Low