Fortinet Discovers Broken Authentication & Session Management Vulnerability in Google's Bug-Tracking System
Fortinet's FortiGuard Labs has discovered a Broken Authentication & Session Management Vulnerability in Chromium's Monorail-based Bug-Tracking-System [bugs.chromium.org].
A Broken Authentication & Session Management Vulnerability has been discovered in bugs.chromium.org. The vulnerability is caused by the absence of immediate cross-origin logout based on token re-validation with the original authentication authority. The victim is logged out only after a delay of 5 minutes, during which an attacker could easily access confidential zero-day vulnerabilities (reported by the victim) by leveraging this vulnerability. Google has acknowledged the issue but categorized it as Won't-Fix, because it is working as intended (by design) and the fix needed is not scalable or robust.
The vulnerability still exists because Google won't fix it.
The link and video in the Reference section provide step-by-step details of the vulnerability.
This vulnerability was discovered by Kushal Arvind Shah of Fortinet's FortiGuard Labs.
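The delayed-logout behaviour described above can be modelled as an application that caches the authentication authority's answer for a fixed interval instead of re-validating the token on each request. The following is an added example, not Monorail's code: `IdentityProvider`, `RelyingApp` and `stale_window` are hypothetical names, and treating the 5-minute delay as a cached check is an assumption.

```python
class IdentityProvider:
    """Hypothetical stand-in for the original authentication authority."""
    def __init__(self):
        self._active = set()

    def login(self, user):
        self._active.add(user)

    def logout(self, user):
        self._active.discard(user)

    def is_signed_in(self, user):
        return user in self._active


class RelyingApp:
    """Hypothetical app that trusts the authority's last answer for
    `revalidate_after` seconds before asking again (assumed design)."""
    def __init__(self, idp, revalidate_after, clock):
        self.idp = idp
        self.revalidate_after = revalidate_after
        self.clock = clock
        self._last_check = {}  # user -> time of last successful re-validation

    def is_authenticated(self, user):
        now = self.clock()
        checked = self._last_check.get(user)
        if checked is not None and now - checked < self.revalidate_after:
            return True  # cached decision: the authority is not consulted
        if self.idp.is_signed_in(user):
            self._last_check[user] = now
            return True
        self._last_check.pop(user, None)  # drop the local session
        return False


def stale_window(revalidate_after, step=30, horizon=600):
    """Last probe time (seconds after logout at the authority) at which
    the app still accepted the session. Uses a simulated clock."""
    t = [0]
    idp = IdentityProvider()
    app = RelyingApp(idp, revalidate_after, lambda: t[0])
    idp.login("victim")          # constructed sample user
    app.is_authenticated("victim")
    idp.logout("victim")         # logout at the authority at t = 0
    accepted = 0
    while t[0] < horizon:
        t[0] += step
        if not app.is_authenticated("victim"):
            break
        accepted = t[0]
    return accepted
```

With a 300-second interval the session is still accepted at the 270-second probe; with re-validation on every request (`revalidate_after=0`) it is rejected at the first probe after logout.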