same session used in the APIM dev portal after user login and after user logout #1648

Closed
dinuka10 opened this issue Mar 24, 2023 · 0 comments


dinuka10 commented Mar 24, 2023

Description

The same session ID is used in the APIM dev portal after user login and after user logout, according to the cookie details shown in the browser. This could be a security risk, since an attacker might be able to misuse the session ID and perform session fixation attacks.

Steps to Reproduce

1.) Check the cookie information, as per the screenshot below, after logging in to the devportal
[Screenshot: 224781019-8aabb02b-a591-4c48-8f4b-3975823ed05a]

2.) Check the cookie information, as per the screenshot below, after logging out of the devportal
[Screenshot: 224781057-e611efed-d0ea-429d-a3f9-02fd37fe520b]

Affected Component

APIM

Version

3.1.0

Environment Details (with versions)

No response

Relevant Log Output

No response

Related Issues

No response

Suggested Labels

security
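
A check for the behaviour reported above, as an added example that is not part of the original issue or the project's code: it compares the session cookie across the login and logout boundaries in captured `Cookie` headers. The cookie name `JSESSIONID`, the stage names and the sample header values are assumptions constructed for illustration, and the pre-login comparison goes beyond the two stages the issue shows.

```python
from http.cookies import SimpleCookie

# Constructed sample: Cookie request headers copied from the browser at each
# stage. Cookie name and values are made up; they are not from the issue.
CAPTURED = {
    "before_login": "JSESSIONID=AAA111; lang=en",
    "after_login": "JSESSIONID=AAA111; lang=en",
    "after_logout": "JSESSIONID=AAA111; lang=en",
}


def session_id(cookie_header, name="JSESSIONID"):
    """Return the session cookie value from a Cookie header, or None if absent."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return jar[name].value if name in jar else None


def check_rotation(captured, name="JSESSIONID"):
    """List the authentication boundaries across which the session ID was reused."""
    ids = {stage: session_id(header, name) for stage, header in captured.items()}
    pre = ids.get("before_login")
    post = ids.get("after_login")
    out = ids.get("after_logout")
    findings = []
    # A server should issue a fresh ID when the user authenticates; keeping the
    # pre-login ID is the precondition for session fixation.
    if pre is not None and pre == post:
        findings.append("session ID not rotated at login")
    # After logout the old ID should be gone (cookie cleared or replaced).
    if post is not None and post == out:
        findings.append("session ID still present after logout")
    return findings


if __name__ == "__main__":
    for finding in check_rotation(CAPTURED):
        print("FINDING:", finding)
```

A reused value after logout is only a cookie-level observation; whether the server still accepts that ID has to be confirmed separately against the server's session store.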
