Bitcoin Forum
Topic: Session key: can it be abused?
LoyceV
September 19, 2019, 07:24:25 PM
 #1

If someone gets access to someone else's session key (on Bitcointalk SMF), can that be abused? I've tried to do something with it in a private window, but get this:
Quote
Session verification failed. Please try logging out and back in again, and then try again.
Is this enough to assume there's no risk in leaking a session key, or did I overlook something?

theymos
Administrator
September 19, 2019, 07:29:45 PM
Merited by LoyceV (1)
 #2

If someone has your session key, they can try CSRF attacks against you until the key expires. You should keep it secret.

morvillz7z
September 19, 2019, 07:40:23 PM
 #3

Hmm, I also got that same exact error at least half a dozen times today trying to edit some of my messages or to quote someone. I recall this being the first time I encountered "Session verification failed". I can also see it being reported multiple times over the years.

Should I be concerned about it and is there anything I can do?

TECSHARE
September 19, 2019, 07:48:45 PM
Last edit: September 19, 2019, 08:29:25 PM by TECSHARE
 #4

Quote
Hmm, I also got that same exact error at least half a dozen times today trying to edit some of my messages or to quote someone. I recall this being the first time I encountered "Session verification failed". I can also see it being reported multiple times over the years.

Should I be concerned about it and is there anything I can do?

This is a normal event if you leave a tab open for a long time. No action is needed, just reload the page (from a direct link not a refresh).


LoyceV
September 19, 2019, 08:01:16 PM
 #5

Quote
You should keep it secret.
Thanks, that's what I thought. I just found out I've been sharing LoyceBot's session keys since April.

I disabled this scraper, then logged out and logged in again. I think I'm good now.



I'll lock this thread soon.
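
The behaviour discussed in this thread, as an added example that is not part of any post and is not SMF's code: a simplified Python model of a forum that ties a session key to the login cookie. It shows why the key fails from another session, why it still matters while it is valid, and why logging out and back in retires it. The `Forum` class, its methods and the user names are hypothetical.

```python
import hmac
import secrets

SESSION_ERROR = ("Session verification failed. Please try logging out "
                 "and back in again, and then try again.")

class Forum:
    """Toy model: every login cookie has its own session key."""

    def __init__(self):
        self._sessions = {}  # cookie value -> (user, session key)

    def login(self, user):
        cookie, key = secrets.token_hex(16), secrets.token_hex(16)
        self._sessions[cookie] = (user, key)
        return cookie, key

    def logout(self, cookie):
        self._sessions.pop(cookie, None)  # the old key dies with the session

    def post(self, cookie, submitted_key, body):
        """State-changing request: needs a live cookie AND that session's key."""
        session = self._sessions.get(cookie)
        if session is None:
            return "Not logged in."
        user, key = session
        if not hmac.compare_digest(key, submitted_key):
            return SESSION_ERROR
        return f"{user} posted: {body}"

def demo():
    forum = Forum()
    victim_cookie, leaked_key = forum.login("victim")
    other_cookie, _ = forum.login("someone_else")
    results = {
        # Leaked key used from a different session (the private-window test).
        "other_session": forum.post(other_cookie, leaked_key, "x"),
        # Request carrying the victim's own cookie plus the leaked key:
        # the check passes, so the key no longer protects this session.
        "victim_browser": forum.post(victim_cookie, leaked_key, "x"),
        # Same cookie without the right key: what the key normally stops.
        "forged_no_key": forum.post(victim_cookie, "0" * 32, "x"),
    }
    # Logging out and back in issues a fresh key; the leaked one is useless.
    forum.logout(victim_cookie)
    new_cookie, _ = forum.login("victim")
    results["after_relogin"] = forum.post(new_cookie, leaked_key, "x")
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```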
