We have our client reported a security issue in backoffice.
Reproduce:
1. Login to back office and copy session cookie value UMBUCONTEXT
2. Logout using logout button
3. Using any browser cookie editor create session cookie UMBUCONTEXT with the value copied ealier.
4 Now go to any page in back office and user will be able to access without login.
This is a big security issue, is there any fix/hack for this issue?
Umbraco Ver 7x backoffice security issue
We have our client reported a security issue in backoffice.
Reproduce: 1. Login to back office and copy session cookie value UMBUCONTEXT 2. Logout using logout button 3. Using any browser cookie editor create session cookie UMBUCONTEXT with the value copied ealier. 4 Now go to any page in back office and user will be able to access without login.
This is a big security issue, is there any fix/hack for this issue?
Anybody there to help, how i can clear UMB_UCONTEXT server session on logout
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.