[talk] Cyber False Login

Sujit K M kmsujit at gmail.com
Wed Dec 27 23:24:11 EST 2017


Hi All,

I have recently been working in my free time on an security flaw which
might have not been reported thus far or major sites don't test.

Say there is an site A dependent on site B for login. Now say a person
P log's into A and doesn't logout. Say now some else gets access to the
machine and deploys locally his own site which is dependent on site B
for login. He can get information regarding Person P.

I checked with some of the popular sites but this doesn't seem to be
possible, what could be the reason.

Regards,
Sujit K M




More information about the talk mailing list