Vulnerability in https://demo.mailpile.is/C/auth/login/

Question

Vulnerability in https://demo.mailpile.is/C/auth/login/

DEV696 opened this issue 3 years ago · 3 comments

I have identified a session fixation vulnerability, below is the steps to reproduce:

Step 1: Browse the application https://demo.mailpile.is/C/auth/login/ in any browser and intercept the request over proxy.
Step 2: Now observe the cookie "Cookie: 8MQqWfxkHjuN=YP9UgMJ7cCpfkxdL3fZkoEKBIIUFPjMq"
Step 3: Now login into the application and again intercept the request of an authenticated page.
Step 4: Now again observe the cookie "Cookie: 8MQqWfxkHjuN=YP9UgMJ7cCpfkxdL3fZkoEKBIIUFPjMq"
Step 5: The session cookie is same prior and post authentication which makes the application vulnerable to session fixation.

Reference Link:
https://owasp.org/www-community/attacks/Session_fixation

Mitigation/Patch
If you assign a new session when someone logs in, this flaw should be fixed.

Answer 1 · 2021-10-19T07:37:05.000Z

Hi Mailpile team,

Can you please share an update on this ?

Answer 2 · 2021-12-03T17:31:34.000Z

Can someone please share any progress on this ?

Answer 3 · 2022-01-27T12:09:09.000Z

Thank you for reporting this. However, I do not believe this is a real vulnerability.

If you are in a position to intercept the cookie or inject the Javascript necessary to exploit this, you may as well just steal the user's passphrase.

Please feel free to correct me if you actually have a working exploit. Thanks!