You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that would steal this cookie would be able to use it to autologin.
am0o0 Analyst
Impact
Cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that would steal this cookie would be able to use it to autologin.
Patches
TODO
Workarounds
Not using the "remember me" feature.
References
https://huntr.dev/bounties/b2e99a41-b904-419f-a274-ae383e4925f2/