Description: Through this passage, we will learn what security measures we can take if attackers hack into our Chase credit card account without using our password, by something as simple as cross-site scripting.
I’m Sam Bowne. I have changed a credit card and logged into my online banking portal. As you can see, it’s got my name, some digits of my credit card number, my balance and so on. It has a nice big red log off button, but there is a security problem at this site, because that log off button does not do what it should do.
I’ve saved this URL to view my account information in a shortcut, so I can go back to that page. I’ve also added the EditThisCookie extension to my Chrome, so I can easily copy the cookie into the clipboard.
If I log off that site and attempt to go back to that page to see my account information, it will tell me I’m not allowed to get in. I need to put in a user ID and password. But if I put the cookie from that previous session back into my browser and go to that page, I will be logged in. Then I can get back into my account.
That is a bad thing. It means an attacker who stole my cookie can keep on using it to get into my account even when I’ve logged off. There are many attacks to steal cookies; something as simple as a cross-site scripting vulnerability can be enough to make it easy for someone to steal your cookies.
What will happen when you log off? They will remove the cookies from the server so that if someone comes back and tries to use that cookie again, it’ll be rejected. I don’t understand why Chase does not do that. I have informed.
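The difference between a log off that only clears the browser's cookie and one that revokes the session on the server, as an added example that is not part of the original talk and is not Chase's code. The `SessionStore` class, its method names and the user `sam` are hypothetical, and the client-only variant is an assumed illustration of the behaviour described, not a claim about how the real site is built.

```python
import secrets
import time

class SessionStore:
    """Hypothetical server-side session table: session id -> (user, expiry)."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable cookie value
        self._sessions[sid] = (user, time.time() + self.ttl)
        return sid

    def authenticate(self, sid):
        """Return the user for a presented cookie, or None if it is rejected."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, expires = entry
        if time.time() >= expires:  # idle sessions also die on their own
            del self._sessions[sid]
            return None
        return user

    def logout_client_only(self, sid):
        """Flawed: asks the browser to drop the cookie; the server still honours it."""
        return {"Set-Cookie": "session=; Max-Age=0; Path=/; Secure; HttpOnly"}

    def logout(self, sid):
        """Correct: revoke the id on the server, then clear the browser cookie."""
        self._sessions.pop(sid, None)
        return {"Set-Cookie": "session=; Max-Age=0; Path=/; Secure; HttpOnly"}

def replay_after_logout(server_side):
    """Log in, save the cookie, log off, then present the saved cookie again."""
    store = SessionStore()
    saved_cookie = store.login("sam")  # constructed sample user
    if server_side:
        store.logout(saved_cookie)
    else:
        store.logout_client_only(saved_cookie)
    return store.authenticate(saved_cookie)

if __name__ == "__main__":
    print("client-only log off, replayed cookie ->", replay_after_logout(False))
    print("server-side log off, replayed cookie ->", replay_after_logout(True))
```

With the client-only log off the saved cookie still maps to a live session; with the server-side log off the same cookie is rejected, which is the check to run against any application's log off button.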