Good afternoon,
I'm implementing the login, and I think there is a security flaw, or the implementation is not correct.
If I copy the browser's cookies, it lets me in without having logged in. It is a security problem. The same thing will happen when I do the integration with Azure AD.
Is it going to be solved?
I attach a demonstration video: https://we.tl/t-phyQIIkoXx
BR, Dani
2 Answer(s)
-
0
It is not a security flaw.
-
0
You can try other websites, such as the websites of some big companies; as long as they use cookies or other credentials stored in the front end, I believe there will be the same problem.
The security of the web is in the browser; it can be guaranteed not to be infiltrated by malicious JavaScript or other means. For example: https://www.toptal.com/security/10-most-common-web-security-vulnerabilities
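The behaviour discussed in this thread, as an added example that is not part of the original posts and not the product's own code: a session cookie is a bearer credential, so the server accepts a copied value exactly as it accepts the original, and what the server controls is the cookie's attributes and revoking the session at logout. The in-memory store, the cookie name `sid` and the user `alice` are assumptions made for the illustration.

```python
# Added illustration (constructed; not the code of the product discussed in this thread).
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # hypothetical server-side store: session id -> user name


def login(user):
    """Create a session and return the Set-Cookie header value sent to the browser."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True   # not readable by page JavaScript (document.cookie)
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"  # not attached to most cross-site requests
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


def _session_id(cookie_header):
    """Extract the sid value from a request's Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("sid")
    return morsel.value if morsel else None


def authenticate(cookie_header):
    """Return the user for a request's Cookie header, or None if the session is unknown."""
    return SESSIONS.get(_session_id(cookie_header))


def logout(cookie_header):
    """Invalidate the session on the server so any copy of the cookie stops working."""
    SESSIONS.pop(_session_id(cookie_header), None)


def demo():
    set_cookie = login("alice")                  # constructed sample user
    cookie_header = set_cookie.split(";", 1)[0]  # what a browser sends back: "sid=<value>"
    first = authenticate(cookie_header)          # the browser that logged in
    copied = authenticate(cookie_header)         # same value pasted into another browser
    logout(cookie_header)
    after = authenticate(cookie_header)          # the copied value after server-side logout
    return set_cookie, first, copied, after


if __name__ == "__main__":
    print(demo())
```

`HttpOnly` keeps scripts in the page from reading the cookie; it does not stop the browser's own user from copying it, which is the case shown in the question.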