by SandwichTeeth
2855 days ago
I found and submitted a bug once through Bugcrowd to a very well known company where a session cookie could be used for complete account takeover even after the user had signed out etc. I was blown away when I got the "duplicate" response for a submission that was almost a year old. I wonder if they've ever fixed it...