Description: This article is talking about the vulnerability of the Chase credit card account, it shows how can others hack into your chase account without using the password which is a terrible thing.
I have a changed credit card and I have logged into my online banking portal here, as you can see, it’s got my name and some digits of my credit card number and my balance, it also has a red log off button.
There is a security problem at this site because that log off button does not work, now I’ve saved this URL to view my account information here in a shortcut so I can go right back to that page. I’ve also added to my Chrome with the edit this cookie extension so I can easily copy the cookie into the clipboard off that site and now if I log off and then attempt to go back to that page to see my account information, it tells me I’m not allowed to get in there.
I need to put in a user ID and password, but if I put the cookie back in from that previous session into my browser and then go to that page I’m now logged in again, I can get back in my account, this is a bad thing.
This means an attacker who stole my cookie can keep on using it to get into my account even when I’ve logged off and there are many attacks to steal cookies something as simple as a cross-site scripting.
It is easy for someone to steal your cookies and there are other techniques, so what should happen is that when you log off, they should remove the cookie from the server so that if someone comes back and tries to use that cookie again it’s rejected. I have informed them of this vulnerability but they have not fixed it.