Hi Team,
Vulnerability class: Business logic Failure - Browser cache management and logout vulnerability.
Vulnerability Impact: Logging out from an application does not clear the browser cache of any sensitive information that has been stored.
Steps to reproduce:
1. Log in to the portal.
2. Browse a few tabs.
3. Click Logout.
4. Click the browser back button. You should be able to see the previous page, and not only the previous page but also viewed pages in the portal, by clicking the back button. Please find the POC attachment below.
Please refer to the attached POC.
Thanks and Regards,
Venkat Malla
We are considering this as:
Privacy risk under rare circumstances, as almost all info in post-auth pages is public anyway, except the email address, which may be affected only if an attacker has access to the browser cache of a victim.
Reported to security team: