umbraco ver 7x backoffice security issue - Using Umbraco 7 - our.umbraco.com

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

bobby kc 4 posts 24 karma points

Dec 10, 2015 @ 15:55

0

Umbraco Ver 7x backoffice security issue

We have our client reported a security issue in backoffice.

Reproduce: 1. Login to back office and copy session cookie value UMBUCONTEXT 2. Logout using logout button 3. Using any browser cookie editor create session cookie UMBUCONTEXT with the value copied ealier. 4 Now go to any page in back office and user will be able to access without login.

This is a big security issue, is there any fix/hack for this issue?

Copy Link
bobby kc 4 posts 24 karma points

Dec 14, 2015 @ 14:48

0

Anybody there to help, how i can clear UMB_UCONTEXT server session on logout

Copy Link
is working on a reply...

Please Sign in or register to post replies

Write your reply to:

Editor

Preview

Draft