Top Voted Ideas: Last 30 Days
Competitive Requirement: FIDO2 "Passkeys" are the new secure website "passwords" that NSL needs to generate and store
3
Idea ID: 2784799

NNMi Broken-Authentication

Mohamed13 Mohamed13
Status : Waiting for Votes
Waiting for Votes
See status update history
The application is vulnerable to broken-authentication after change password which doesn’t invalidate all active sessions for the same user which allows the same account to be navigated with two different sessions and two different passwords. This can increase possibility of user’s account hijacking


Reproduce scenario:
1- Login using Username and Password
2- Change The User Account Password
3- Leave Current Session Open and Open new Browser session then Login using the New Password
4- You will have two Opened Sessions with different Passwords

Expected Scenario:
1- Login using Username and Password
2- Change The User Account Password
3- System Should End the session and Ask the user to login again with the new password
4- All opened sessions are using the New Password

Tags:

Resources

Support
Documentation
Learning Services
CyberRes Academy
Partner Programs
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Conduct
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.