Security: Stealing cookies via DevTools from one machine allows login from another
Reported by
sbk.bhar...@gmail.com,
Jul 25 2017
Issue description

Hello there,

There is a possible vulnerability in Google Chrome for desktop use. Google Chrome can be used to provide unauthorized access to certain websites. As of now I have managed to find out the use of the 'Inspect page' option of Google Chrome to get unauthorized access to an Instagram profile. To be frank, I understand that this vulnerability is an issue for Instagram and not Chrome, but somehow I think Chrome can be used by unethical hackers to gain access to a secure website by just using a small trick. I apologize if this issue is not that risky, but I needed to talk with you guys as I don't understand what to do further.

VULNERABILITY DETAILS:
As I said earlier, Google Chrome can be used to gain unauthorized access to someone's account by using the cookies that the website stores on the client side. I have tested this on the website 'Instagram'. By using the 'sessionid' information only, I can gain access to the website without using the username and password of that user. This is somehow an unethical use of Google Chrome. I feel that this feature of Google Chrome shouldn't be made visible to the public.

VERSION:
Chrome Version: Version 59.0.3071.115 (Official Build) (32-bit)
Operating System: Windows 7 Service Pack 1

REPRODUCTION CASE:
To reproduce this issue, these are the few steps:
1. When a user is logged in, by going to 'Inspect page->Application->Cookies' we can obtain the sessionid, value and session expiry of that user.
2. This information can be copied locally to Notepad.
3. Now, even after the user has been logged out, to gain access to their account, just create a sessionid field in the cookies section of that website, and paste the value and expiry in the given columns.
4. Now close the Inspect option and refresh the web page; the home page of that user gets loaded.

This cookie data can be used for 2-3 months, as the cookies have an expiry date of 2-3 months in general.

This is a serious issue and I think Google can make a better security mechanism that forbids a user from using Chrome for unethical purposes. I have tested the same by clearing all the local data, history and cookie information from Chrome and can still reproduce the issue every time. The user can also be changed dynamically without logging out, just by changing the session information in the inspect page option. I have attached a series of screenshots for the above procedure. As a student, I expect Google to guide me further and help me with this issue.

Regards.
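The replay in step 3 of the report works only while the server still accepts the old sessionid value, so the defence sits on the server side. The following is an added example, not part of the original report and not Chrome's or Instagram's code: it contrasts a session store that leaves the server record alive at logout with one that revokes it. The class, the method names and the 14-day lifetime are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 14 * 24 * 3600  # assumed server-side lifetime, in seconds


class SessionStore:
    """Server-side session table; the cookie value is only a lookup key."""

    def __init__(self, revoke_on_logout=True):
        self.revoke_on_logout = revoke_on_logout
        self._sessions = {}  # sessionid -> (user, expires_at)

    def login(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # unguessable random identifier
        self._sessions[sid] = (user, now + SESSION_TTL)
        return sid  # sent to the browser as the sessionid cookie

    def logout(self, sid):
        # Weak variant (revoke_on_logout=False): only the browser's cookie
        # is cleared, the server record survives, and a copy keeps working.
        if self.revoke_on_logout:
            self._sessions.pop(sid, None)

    def revoke_user(self, user):
        # Response step when a cookie may have been copied: end every session.
        self._sessions = {s: r for s, r in self._sessions.items() if r[0] != user}

    def authenticate(self, sid, now=None):
        now = time.time() if now is None else now
        record = self._sessions.get(sid)
        if record is None:
            return None  # unknown or revoked identifier
        user, expires_at = record
        if now >= expires_at:
            del self._sessions[sid]  # expiry is enforced on the server
            return None
        return user


def replay_after_logout(store):
    """Return who a copied cookie value authenticates as after logout."""
    sid = store.login("alice")  # constructed sample user
    copied = sid                # value saved elsewhere, as in the report
    store.logout(sid)
    return store.authenticate(copied)
```

With `revoke_on_logout=False` the copied value still resolves to the user after logout, which is the behaviour the report describes; with revocation enabled the same value is rejected.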
Oct 31 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Jul 25 2017
Summary: Security: Stealing cookies via DevTools from one machine allows login from another (was: Security: Possibility of Chrome browser to be used unethically)