SecureLogin Idea Exchange

Idea ID: 2784799

NNMi Broken-Authentication

Mohamed13

Status: Waiting for Votes

Waiting for Votes

See status update history

over 4 years ago

The application is vulnerable to broken-authentication after change password which doesn’t invalidate all active sessions for the same user which allows the same account to be navigated with two different sessions and two different passwords. This can increase possibility of user’s account hijacking

Reproduce scenario:
1- Login using Username and Password
2- Change The User Account Password
3- Leave Current Session Open and Open new Browser session then Login using the New Password
4- You will have two Opened Sessions with different Passwords

Expected Scenario:
1- Login using Username and Password
2- Change The User Account Password
3- System Should End the session and Ask the user to login again with the new password
4- All opened sessions are using the New Password

Tags:

Other

Resources

Support

Documentation

Learning Services

Partner Programs

Privacy

Compliance

Help

Company

Accessibility
Anti-Slavery Statement

Support
Contact Us

Careers
Code of Business Conduct and Ethics

The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.

Menu

SecureLogin Idea Exchange

Labels

NNMi Broken-Authentication

Tags:

Resources