Bazar Insufficient Session Expiration

2018.04.09
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[-] Exploit Title: Bazar Insufficient Session Expiration
[-] Vendor Home Page : https://cafebazaar.ir
[-] Author : Milad Ahmadi
[-] Email : info@securityhub.ir
[-] Date : 2018-04-09
[-] Version : 7.15.5
---------------------------------------------------------------------
[ Description ]
Bazaar is the most popular Android app store in Iran, with more than 20000 published applications. The app is vulnerable to insufficient session expiration: when a user signs out of the app, the session is not invalidated, and a user can replace the past session in order to sign in without entering a username and password.
---------------------------------------------------------------------
Telegram channel : @guardiran_org
Twitter : @securityhubir
Thanks to : Mownten, REX, dr-iman and all Guardiran security team members
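The flaw described above, as an added example that is not part of the original advisory and is not Bazaar's code: a minimal server-side session table in Python where a sign-out that only discards the client's copy leaves the token valid, next to a sign-out that revokes it on the server. The class, method names and the sample user are hypothetical.

```python
import secrets
import time


class SessionStore:
    """Hypothetical in-memory server-side session table (illustration only)."""

    def __init__(self, ttl_seconds=3600, clock=time.time):
        self._sessions = {}  # token -> (username, expiry timestamp)
        self._ttl = ttl_seconds
        self._clock = clock

    def sign_in(self, username):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, self._clock() + self._ttl)
        return token

    def authenticate(self, token):
        """Return the username for a live session, else None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[token]  # absolute expiry enforced server-side
            return None
        return username

    def sign_out_client_only(self, token):
        # Flawed: the server keeps the session; only the app forgets the token.
        return None

    def sign_out(self, token):
        # Hardened: revoke server-side so a saved copy of the token is useless.
        self._sessions.pop(token, None)


def replay_after_sign_out(hardened):
    """Sign in, keep a copy of the token, sign out, then present the copy."""
    store = SessionStore()
    saved = store.sign_in("alice")  # constructed sample user
    if hardened:
        store.sign_out(saved)
    else:
        store.sign_out_client_only(saved)
    return store.authenticate(saved)
```

A regression test for this class of bug calls the sign-out endpoint and then asserts that the old token is rejected by an authenticated endpoint.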


Copyright 2018, cxsecurity.com

 
