Hi, i have a question if this is an attack vector (website is german want ad branch from ebay kleinanzeigen.ebay.de prob. english site affected too):
On Computer A the browser (FF) has an open tab with the site where, when visited, user A is always signed on (because the specific site is the user panel). On Computer B user A wants to log into his account, but forgot his password. He successfully changed his password using the "forgot password" button and was able to log in. Then user A moves from Computer B to Computer A (which was off at the time user A was at Computer B) and starts its browser where he realizes that he is still logged into his account on the site without any password confirmation. As this happend to me, the question is: is this an attack vector (I assume it is) and how can I as a user protect myself? Am not really into security engineering (just non-sec-related software engineering...), so forgive my dumbness! Thanks. C. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
