[CKAN-Security] Auth_tkt Cookie Spoofing

Shubham Mahajan mr.shubhammahajan at gmail.com
Mon Jul 22 09:00:03 UTC 2019


Hi Team

I am really looking forward to an update in the form of an acknowledgement
or a timeline to fix.



On Sun, Jun 30, 2019 at 8:23 PM Shubham Mahajan <mr.shubhammahajan at gmail.com>
wrote:

> Hi Adrià,
>
> I have tested this scenario with different methods and want to discuss
> with your team.
> Let me know if you have any questions.
>
>
> On Tue, Mar 12, 2019 at 5:00 PM Shubham Mahajan <
> mr.shubhammahajan at gmail.com> wrote:
>
>> Hi Adrià,
>>
>> Any update on the below one?
>>
>> On Tue, Feb 19, 2019 at 5:51 PM Adrià Mercader <adria.mercader at okfn.org>
>> wrote:
>>
>>> Thanks for the report Shubham,
>>> The tech team will assess this and come back to you as soon as possible.
>>>
>>> Best Regards,
>>>
>>> Adrià
>>>
>>>
>>> On Tue, 19 Feb 2019 at 14:15, Shubham Mahajan <
>>> mr.shubhammahajan at gmail.com> wrote:
>>>
>>>> Hi Team,
>>>>
>>>> I was going through my project and found a security issue in the CKAN
>>>> core.
>>>>
>>>> ### CKAN Version if known (or site URL)
>>>> ckan - 2.7.2 and https://demo.ckan.org/
>>>>
>>>> ### Please describe the expected behaviour
>>>> The cookie should be invalidated if it is copied from another location or
>>>> another device, or when the user logs out from the device.
>>>>
>>>> ### Please describe the actual behaviour
>>>> Once you have logged into CKAN, the cookie auth_tkt is generated. If I
>>>> copy this cookie, or an attacker gets the cookie, and open a fresh CKAN
>>>> portal and embed the same cookie, it allows login to the CKAN portal.
>>>> Even if you log out and use the old cookie, it will allow you to log in.
>>>> Tested on demo.ckan.org also.
>>>>
>>>> ### What steps can be taken to reproduce the issue?
>>>> 1. Log in to demo.ckan.org
>>>> 2. Copy the auth_tkt cookie.
>>>> 3. Paste that cookie in any other machine or browser or private mode.
>>>>
>>>> It will log you in.
>>>>
>>>> *Even if you log out and log in again and log out and use the old cookie,
>>>> it's still working.
>>>>
>>>> --
>>>> Regards,
>>>>
>>>> Shubham Mahajan
>>>>
>>>> _______________________________________________
>>>> CKAN security
>>>> https://lists.okfn.org/mailman/listinfo/security
>>>>
>>>> https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
>>>>
>>>> Repo: https://github.com/ckan/ckan-security
>>>
>>>
>>
>> --
>> Regards,
>>
>>
>> *Shubham Mahajan *
>>
>
>
> --
> Regards,
>
>
> *Shubham Mahajan *
>


-- 
Regards,


*Shubham Mahajan *
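
The behaviour reported in this thread (a copied auth_tkt value still accepted after logout), shown as an added example that is not part of the original messages and is not CKAN's code. It assumes the ticket is a stateless HMAC-signed value, which the thread does not confirm; the ticket format, function names and lifetime are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # constructed server-side signing key
MAX_AGE = 3600                     # assumed ticket lifetime in seconds
_active_sessions = set()           # server-side record of live session ids


def issue_ticket(user, now=None):
    """Create a signed ticket and record its session id server-side."""
    ts = int(time.time() if now is None else now)
    sid = secrets.token_hex(16)
    payload = f"{user}|{ts}|{sid}"
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    _active_sessions.add(sid)
    return f"{payload}|{mac}"


def logout(ticket):
    """Revoke the session server-side; clearing the browser cookie is not enough."""
    parts = ticket.split("|")
    if len(parts) == 4:
        _active_sessions.discard(parts[2])


def _parse_and_verify(ticket, now):
    """Return (user, sid) if the signature and age check out, else None."""
    parts = ticket.split("|")
    if len(parts) != 4:
        return None
    user, ts, sid, mac = parts
    expected = hmac.new(SECRET, f"{user}|{ts}|{sid}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    if not ts.isdigit() or now - int(ts) > MAX_AGE:
        return None
    return user, sid


def validate_stateless(ticket, now=None):
    """Signature and age only: a copy of the ticket stays valid after logout."""
    result = _parse_and_verify(ticket, time.time() if now is None else now)
    return result[0] if result else None


def validate_with_revocation(ticket, now=None):
    """Signature, age and a server-side lookup: logout invalidates every copy."""
    result = _parse_and_verify(ticket, time.time() if now is None else now)
    if result is None or result[1] not in _active_sessions:
        return None
    return result[0]
```

With the stateless check, the only bound on a copied ticket is its lifetime, so a short `MAX_AGE` limits exposure but does not give the logout invalidation the report expects.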