Bugtraq mailing list archives
Re: Bigfoot/Bellsouth Webmail bug
From: jnj () ais-bbs org (James Nerlinger, Jr.)
Date: Fri, 8 Jan 1999 12:58:20 -0500
I seem to have found another "bug" with the Bigfoot/Bellsouth Webmail. Users can log back into the service from cached pages. This is a huge security hole, especially for users accessing these services from public terminals. Subsequent users can just use the back button to go back in the previous session history and log in as the previous user.
This is not uncommon in web-based email & conferencing packages; however, most are authored to only allow this for a certain amount of time and to disregard the attempt if the user logged out properly. Out of curiosity, did you test this with the two variables of time and a logout?
James
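The two variables raised in the reply above (elapsed time and a proper logout), shown as an added example that is not part of the original posts or of the Bigfoot/Bellsouth service: a server-side session table that refuses a token replayed from a cached page once the user has logged out or the idle window has passed. The `SessionStore` class, the 15-minute timeout and the sample users are assumptions made for illustration.

```python
import secrets

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value, not taken from the thread


class SessionStore:
    """Server-side session table: a token found in a cached page is only a lookup key."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self._sessions = {}  # token -> (user, last_seen)

    def login(self, user, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now)
        return token

    def logout(self, token):
        # A proper logout deletes the server-side state, so a replay fails at once.
        self._sessions.pop(token, None)

    def authenticate(self, token, now):
        """Return the user for a live session, or None if the request must be refused."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        if now - last_seen > self.idle_timeout:
            del self._sessions[token]  # abandoned session: expire it
            return None
        self._sessions[token] = (user, now)  # sliding idle window
        return user


def response_headers():
    # Sent with every authenticated page so the browser does not keep a copy
    # that the back button can redisplay.
    return {"Cache-Control": "no-store", "Pragma": "no-cache", "Expires": "0"}


def replay_outcomes():
    """Constructed scenario: replay a token from a cached page under both variables."""
    store = SessionStore(idle_timeout=900)
    t1 = store.login("alice", now=0)
    within = store.authenticate(t1, now=600)        # no logout, inside the window
    store.logout(t1)
    after_logout = store.authenticate(t1, now=601)  # replay after a proper logout
    t2 = store.login("bob", now=1000)
    after_timeout = store.authenticate(t2, now=1901)  # walked away, never logged out
    return within, after_logout, after_timeout
```

The first case is the exposure described for public terminals: without a logout, the replay succeeds until the idle window closes, which is why the timeout should be short on a webmail service.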
Current thread:
- Bigfoot/Bellsouth Webmail bug Madere, Russel (Jan 08)
- <Possible follow-ups>
- Re: Bigfoot/Bellsouth Webmail bug James Nerlinger, Jr. (Jan 08)
- Re: Bigfoot/Bellsouth Webmail bug Madere, Russel (Jan 09)