Securing the University: Failure to Invalidate Sessions

Devansh Chauhan
Aug 10, 2023


A tale of securing a university in the United States.

I was browsing LinkedIn and saw a post about a letter of appreciation from Drexel University, and I got the feeling of wanting one myself, but ended up getting more than one, and a hall of fame too.

Vulnerability Name: Old Session Does Not Expire After Password Change

In order to test for the bug, I changed the password for the same account that was logged in on my other browser.

After the successful password change, I discovered that the session in my other browser was still running, and I could even still modify my account information.

This vulnerability was caused by me signing up for my account and forgetting that it was already signed in on my other browser too.

This was the easiest bug, and it will give you $$$, as it is considered a P4 on Bugcrowd.
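One way to close this gap on the server side, shown as an added example that is not code from the original post or from the university's application: each session records the account's password version at login, and a password change bumps that version so every older session fails its next check. The `SessionStore` class, its method names, and the in-memory dictionaries are hypothetical.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """Hypothetical in-memory store: token -> (user, password version at login)."""

    def __init__(self):
        self._sessions = {}   # token -> (username, pw_version)
        self._users = {}      # username -> {"salt", "hash", "pw_version"}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = {"salt": salt, "hash": self._hash(password, salt), "pw_version": 1}

    def login(self, user, password):
        rec = self._users.get(user)
        if rec is None or not hmac.compare_digest(rec["hash"], self._hash(password, rec["salt"])):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, rec["pw_version"])
        return token

    def authenticate(self, token):
        """Return the username unless the session predates the latest password change."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, version = entry
        if version != self._users[user]["pw_version"]:
            del self._sessions[token]          # stale: issued under an old password
            return None
        return user

    def change_password(self, token, new_password):
        """Rotate the password, invalidate all old sessions, return a fresh token."""
        user = self.authenticate(token)
        if user is None:
            raise PermissionError("invalid session")
        rec = self._users[user]
        rec["salt"] = secrets.token_bytes(16)
        rec["hash"] = self._hash(new_password, rec["salt"])
        rec["pw_version"] += 1                 # every existing token now fails authenticate()
        del self._sessions[token]              # the caller's old token is retired too
        new_token = secrets.token_urlsafe(32)
        self._sessions[new_token] = (user, rec["pw_version"])
        return new_token
```

The same check works as a regression test for this bug class: log in twice, change the password in one session, and assert that the other session is rejected.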

I hope you learned something new from this blog. I will write up more of my findings soon, so stay tuned for my next write-up.

Thank you for reading it 😊

LinkedIn: https://www.linkedin.com/in/devansh-chauhan-b36b6a1b1
