0033587: "MANTIS_STRING_COOKIE" cookie reusable after user logout

ID	Project	Category	View Status	Date Submitted	Last Update
0033587	mantisbt	security	public	2024-01-30 21:58	2024-02-14 17:16

Reporter	krecendo	Assigned To	dregad
Priority	high	Severity	major	Reproducibility	always
Status	closed	Resolution	duplicate
Product Version	1.3.20

Summary	0033587: "MANTIS_STRING_COOKIE" cookie reusable after user logout
Description	In MantisBT v1.3.20, MANTIS_STRING_COOKIE is used to authenticate for accessing the platform. MANTIS_STRING_COOKIE didn't expire and can reuse the token after user logout from the platform.
Steps To Reproduce	User login Copy "MANTIS_STRING_COOKIE" value from cookie section in application tab of browser dev tools logout Insert "MANTIS_STRING_COOKIE" value into cookie section in application tab of browser dev tools from step 2 Refresh the page and gained access
Tags	No tags attached.

duplicate of	0027976	closed	dregad	CVE-2009-20001: User cookie string is not reset upon logout
related to	0011296	acknowledged		Mantis BT is using fix cookies in the DB

dregad 2024-01-31 05:49 developer ~0068491	@krecendo This issue has been fixed in 2.24.5, see 0027976. You may also want to have a look at 0011296. Please note that MantisBT 1.3.x branch is no longer maintained; 1.3.20 was released over 4 years ago. You should seriously consider upgrading to the latest 2.x version (2.26.0 as of this writing).