The purpose of developing this login page is to pentest it for vulnerabilities and to find out how to patch them.
- Flask-login, user session management and authentication
- Flask-SQLAlchemy, user information storage and database operations
When the secret key is weak and predictable, it can be recovered with the flask-unsign
tool. The tool's output includes the decoded cookie content and the secret key. After changing the cookie data, another user's session becomes accessible.
The user_id field of the decoded cookie is changed to 3 and the cookie is re-signed with the previously found secret key.
An attacker can access other users' sessions with the tampered cookie.
As mitigation, the secret key must be random and long enough. The commands shown in the image can be given as an example of secret key generation.
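As an added example (not part of this project's code), the following shows the mitigation in code: generating a secret key from the OS CSPRNG, and refusing to start the application when the configured key is short, empty, or a well-known default. The `WEAK_SECRET_KEYS` list, the 32-byte minimum and the `load_secret_key` helper are my own choices; in a Flask app the returned value would be assigned to `app.config["SECRET_KEY"]`.

```python
import secrets

# Constructed, illustrative list of default values that must never be used
# as SECRET_KEY in production (this is my list, not one from the project).
WEAK_SECRET_KEYS = {"secret", "changeme", "password", "dev", "flask", "supersecretkey"}

# Assumed minimum: 32 random bytes (256 bits) from the operating system CSPRNG.
MIN_KEY_BYTES = 32


def generate_secret_key(nbytes: int = MIN_KEY_BYTES) -> str:
    """Return a hex string encoding nbytes of cryptographically random bytes.

    Equivalent to the shell one-liner:
        python3 -c 'import secrets; print(secrets.token_hex(32))'
    """
    return secrets.token_hex(nbytes)


def audit_secret_key(key) -> list:
    """Return a list of problems with the given key; an empty list means it passes."""
    problems = []
    if not key:
        problems.append("SECRET_KEY is empty or unset")
        return problems
    if key.lower() in WEAK_SECRET_KEYS:
        problems.append("SECRET_KEY is a well-known default value")
    if len(key.encode()) < MIN_KEY_BYTES:
        problems.append(f"SECRET_KEY is shorter than {MIN_KEY_BYTES} bytes")
    if len(set(key)) < 10:
        problems.append("SECRET_KEY has very few distinct characters")
    return problems


def load_secret_key(env: dict) -> str:
    """Read SECRET_KEY from an environment mapping and fail closed if it is weak.

    Failing at startup is preferable to running with a guessable key, because a
    guessable key lets anyone forge session cookies for arbitrary user_id values.
    """
    key = env.get("SECRET_KEY")
    problems = audit_secret_key(key)
    if problems:
        raise RuntimeError("refusing to start: " + "; ".join(problems))
    return key


if __name__ == "__main__":
    # Weak configuration (constructed) versus a freshly generated key.
    print("weak:", audit_secret_key("secret"))
    print("generated:", audit_secret_key(generate_secret_key()))
```

In deployment the key should be generated once, stored outside the source tree (environment variable or secrets manager), and never committed; rotating it invalidates every existing session cookie, which is the intended effect after a suspected leak.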
- TODO: coming soon