Summary

  • Cybersecurity platform HackerOne has revealed details of a significant vulnerability that led to an ethical hacker being awarded a $20,000 bounty.
  • In November 2019, a HackerOne security analyst copied a cURL command from their browser console into a chat with a researcher, unwittingly also pasting a live session token that gave the hacker access to the analyst’s account.
  • The analyst had access to private reports and sensitive vulnerability data, which the hacker could view and exploit.
  • The vulnerability served as a reminder to always check command-line outputs before pasting them into messages, and to guard against accidental data exposure.
  • Session cookies are meant to be encrypted or set with the HttpOnly flag to prevent client-side script from reading the token.
  • In the article, the author recommends using JavaScript to prevent session tokens from being transmitted. If the page cannot be viewed without JavaScript, the session token can’t be stolen via copy-and-paste or man-in-the-middle attacks.

By Monika Sharma
