Stealing Passwords via Browser Refresh

Contributed by Karmendra Kohli and restored from the old archive.

The browser’s back and refresh features can be used to steal passwords from insecurely written applications. This paper discusses the problem and the solution. We will show how a bad guy can access the credentials of the previously logged-in user by exploiting these features if the web application has not been developed securely.

This document is in PDF format. To view it click here.

