Describe the bug
Before any response is rendered on the web page, a cookie is being set as part of the response via the Set-Cookie header. Currently, due to improper implementation, multiple cookies (3-5) are being set when a user successfully logs in, which isn't the expected behavior. Now when the next user logs into the application using the same browser, the last user's last cookie is being set as the present user's first cookie.
To Reproduce
Log into the application, capture the response (Live HTTP Headers addon for Firefox)
Multiple Set-Cookie headers will be present in the response
Exploitation
Actors:
User A (Victim)
User B (Attacker)
User B logs into the application, captures his own cookies & logs out.
User B's cookies:
Set-Cookie: ZMSESSID=rrnilufc9vgb3cp0l2m7cqrc91; path=/; HttpOnly
Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly
Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly
Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly
Set-Cookie: ZMSESSID=p79d4mk2g6sm5qi6o51ep6j6m5; path=/; HttpOnly  (common to User A's first cookie)
User A uses the same browser & logs into the application.
User A's cookie:
Set-Cookie: ZMSESSID=p79d4mk2g6sm5qi6o51ep6j6m5; path=/; HttpOnly  (common to User B's last cookie)
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
User A's cookies (full list):
Set-Cookie: ZMSESSID=p79d4mk2g6sm5qi6o51ep6j6m5; path=/; HttpOnly  (common to User B's last cookie)
Set-Cookie: ZMSESSID=2397j5pchtgt153ukrmutgbmv1; path=/; HttpOnly
Set-Cookie: ZMSESSID=2397j5pchtgt153ukrmutgbmv1; path=/; HttpOnly
Set-Cookie: ZMSESSID=2397j5pchtgt153ukrmutgbmv1; path=/; HttpOnly
Set-Cookie: ZMSESSID=eg5hvsn3i67n34fibt5nq7lbu6; path=/; HttpOnly
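An added check, not from the issue or the ZoneMinder project, that a tester or a regression test could run against two consecutive login responses: it parses every Set-Cookie header, counts how often the session cookie is set, and tests whether the id the second login starts with is the id the first login ended with, which is the cross-user carry-over described above. The sample responses are constructed from the headers quoted in the report; the function names are this example's own.

```python
import re

# Constructed sample responses modelled on the headers quoted in the report.
USER_B_LOGIN = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: ZMSESSID=rrnilufc9vgb3cp0l2m7cqrc91; path=/; HttpOnly\r\n"
    "Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly\r\n"
    "Set-Cookie: ZMSESSID=blkta1mgocj5ksqdg5ncpdptg3; path=/; HttpOnly\r\n"
    "Set-Cookie: ZMSESSID=p79d4mk2g6sm5qi6o51ep6j6m5; path=/; HttpOnly\r\n"
    "\r\n"
)
USER_A_LOGIN = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: ZMSESSID=p79d4mk2g6sm5qi6o51ep6j6m5; path=/; HttpOnly\r\n"
    "Set-Cookie: ZMSESSID=2397j5pchtgt153ukrmutgbmv1; path=/; HttpOnly\r\n"
    "Set-Cookie: ZMSESSID=eg5hvsn3i67n34fibt5nq7lbu6; path=/; HttpOnly\r\n"
    "\r\n"
)


def set_cookies(raw_response):
    """Return [(name, value)] for every Set-Cookie header, in wire order."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    out = []
    for line in head.split("\r\n"):
        m = re.match(r"(?i)set-cookie:\s*([^=;\s]+)=([^;]*)", line)
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def audit_login(raw_response, session_name="ZMSESSID"):
    """Flag a login response that sets the session cookie more than once.
    The browser keeps only the last value, so every earlier id is an orphaned
    server-side session; a healthy login sets the cookie exactly once."""
    values = [v for n, v in set_cookies(raw_response) if n == session_name]
    return {"count": len(values),
            "final": values[-1] if values else None,
            "duplicate_sets": len(values) > 1}


def session_carried_over(prev_login, next_login, session_name="ZMSESSID"):
    """True if the first id handed out by the next login equals the id the
    previous login ended with, i.e. a session id crossed a user boundary."""
    prev = [v for n, v in set_cookies(prev_login) if n == session_name]
    nxt = [v for n, v in set_cookies(next_login) if n == session_name]
    return bool(prev and nxt) and nxt[0] == prev[-1]
```

After a fix, `audit_login` on a login response should report `count == 1` and `session_carried_over` should be false for any pair of consecutive logins in the same browser.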