[talk] Cyber False Login
Sujit K M
kmsujit at gmail.com
Wed Dec 27 23:24:11 EST 2017
Hi All,
I have recently been working in my free time on an security flaw which
might have not been reported thus far or major sites don't test.
Say there is an site A dependent on site B for login. Now say a person
P log's into A and doesn't logout. Say now some else gets access to the
machine and deploys locally his own site which is dependent on site B
for login. He can get information regarding Person P.
I checked with some of the popular sites but this doesn't seem to be
possible, what could be the reason.
Regards,
Sujit K M
More information about the talk
mailing list