Mark Dain Found a minor security vulnerability at work; some genius decided to encrypt the user ID cookie but there's no verification so it's fairly easy to tamper with (take another number from a different cookie); doing this will result in you being logged in as a different user. How do I ethically deal with this? Should I report it? Bear in mind this is a company who's fine with our SSL setup, despite the fact it's vulnerable to POODLE and others (but not heartbleed! That's the important one).
Login or register your account to reply
Martijn Note that temporing with cookies itself might be a violation of computer hacking laws. Something to keep in mind when reporting these type of leaks. The same goes for modifying query strings. While keeping that in mind it is still a good idea to disclose responsibly. Always. Just be sure not to incriminate yourself and ask permission before trying if the "theoretical" attack is possible.
7y, 49w 3 replies
Mark Dain Just in case you're not aware, I'm talking about the platform my company sells. With that out of the way, every time I report security vulnerabilities, they never get patched unless I do it myself. This would be quite a big rewrite, possibly affecting every page. Should I even bother is the question?
7y, 49w 2 replies