[SEC-001] Broken Authentication - `rengginang` cookie doesn't change after login or logout
Description
The `rengginang` cookie is the session cookie that PHP uses to identify the client. The authentication module uses this cookie for access control. The cookie does not change when the user logs in to the application or after the user logs out of it. This is dangerous because it introduces a Broken Authentication vulnerability in the application.
Severity
This bug has HIGH severity.
Affected URLs
/auth/login
/auth/logout
Attachment
Before Login
After Login
After Logout
Edited by Bayu Samudra
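
One way to make the `rengginang` value change at both transitions described in this report, as an added example that is not the application's own code. It assumes plain PHP 7.3+ sessions; the function names are hypothetical, and `on_login_success()` is meant to be called by the `/auth/login` handler only after the application's own credential check passes.

```php
<?php
// Added example, not the application's code. Function names are hypothetical.

function start_app_session(): void
{
    // Reject session IDs the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_name('rengginang');            // cookie name from the report
    session_set_cookie_params([
        'path'     => '/',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call from the /auth/login handler after credentials are verified.
function on_login_success(int $userId): void
{
    // Issue a new ID and delete the old session data, so a cookie value
    // seen before login never identifies the authenticated session.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// Call from the /auth/logout handler.
function on_logout(): void
{
    $_SESSION = [];                        // drop server-side state
    if (ini_get('session.use_cookies')) {
        // Expire the cookie using the same attributes it was set with.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();                     // the old ID no longer maps to a session
}
```

With these in place, the three captures listed under Attachment (before login, after login, after logout) should each show a different `rengginang` value.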