VAPT Report

Uploaded by Pankaj Rathod

Vulnerability Name: Profile Update Without Proper Authentication
Severity: Medium

Description
• During testing of the application, it was observed that an authenticated user can
modify their profile information and that the change persists even after the user logs
out and logs back in with a different session. Specifically, after capturing the profile
update request in a proxy tool (e.g., Burp Suite), the tester logged out of the
application and then replayed the captured request with the profile name changed to
"Hacked." Upon logging back into the application, the profile name remained "Hacked,"
indicating that the application does not check that a profile update request belongs to
a live, authenticated session before applying the change.
Impact
• Unauthorized Modification: An attacker can exploit this vulnerability to make
unauthorized changes to user profiles, undermining the integrity and trustworthiness
of the application's data.
• Session Hijacking Risk: The ability to change profile details without re-authentication
or additional checks indicates that session management is insufficient; a session
token that remains valid after logout could allow an attacker who obtains it to
impersonate the user.
• Reputational Damage: Malicious changes to profile details could lead to reputational
damage, loss of user trust, and possible legal consequences if personal data is
compromised.
Proof of Concept

Fig 1. User visits the application and clicks on Log in.

Fig 2. User enters email address and password and clicks on Login.

Fig 3. User clicks on Edit Profile.

Fig 4. User changes the Profile Name, enters the password and clicks on Save Updated Account.

Fig 5. User captures the request in the proxy and sends it to Repeater.

Fig 6. User observes the request.

Fig 7. User then clicks on Log Out.

Fig 8. User is logged out of the application.

Fig 9. User then changes the first name in the captured request to Hacked and clicks on Send.

Fig 10. User then logs into the application again.

Fig 11. The profile name has been changed to Hacked even though the request was sent
while the user was logged out.

Fig 12. Name changed to Hacked.


Remediation Guidance
• Session Validation: Implement strong server-side session management so that profile
updates and other sensitive actions are accepted only from a user who is currently
authenticated and authorized.
• Profile Update Verification: Validate every profile change against the user's current
session or token to confirm that the request is legitimate, is bound to a live session,
and targets the profile of the user who holds that session.
• Audit Logging: Introduce detailed audit logging for profile changes and sensitive
operations, including timestamps, user IDs, and the old and new values, to facilitate
tracking and investigation of unauthorized actions.
• Input Validation and Security Controls: Apply input validation and other security
measures so that profile update requests are processed securely and the submitted
values are sanitized to prevent tampering.
• Session Expiry Handling: Ensure that session handling and expiration policies are
robust and that user sessions are invalidated on the server upon logout, so that a
logged-out token cannot be reused, fixed, or replayed.
