Improper Cache Control

The document describes a vulnerability related to improper cache-control settings on sensitive web pages, which can allow browsers and proxies to cache sensitive content. This can lead to unauthorized access to user information even after logout, posing a risk of phishing and reputational damage. The recommended remediation is to implement proper security headers to prevent caching after session termination.

Uploaded by piyushcyber9

Vulnerability - Improper Cache-Control on Sensitive Page

-----------------------------------------------------------------------------------

Description - The Cache-Control and Pragma HTTP headers have not been set properly
or are missing, allowing the browser and intermediate proxies to cache the page content.
-----------------------------------------------------------------------------------

Steps to reproduce -

1 - Go to the URL
2 - Log in using the desired credentials
3 - Open any sensitive page (account / settings / profile)
4 - Click on the Logout button
5 - Press the back button of the browser
6 - The user's sensitive information is still visible on the page
-----------------------------------------------------------------------------------

Impact - When the application stores and transmits sensitive data on pages that
do not carry the `Cache-Control` header, an attacker with access to the browser
or an intermediate cache can read that data, use it to phish users, and cause
reputational damage to the business.
-----------------------------------------------------------------------------------

Remediation -

Add the security headers that prevent a cached copy of the page from being
loaded again after the session has been terminated.
-----------------------------------------------------------------------------------
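The following is an added example, not code from the report above: a minimal WSGI app that attaches the no-store header set to sensitive routes, together with a checker that flags the weak configuration the report describes. The route prefixes, the sample responses and the header values are assumptions for the demo. The checker requires `no-store` rather than `no-cache`, because `no-cache` only forces revalidation and still allows the response to be stored, which is exactly what lets the back button show the page after logout.

```python
"""Added example (not part of the original report): no-store headers for
sensitive pages plus a checker for the weak configuration. Routes and
sample bodies are constructed for the demo."""

# Header set that tells browsers and shared proxies not to store the response.
NO_STORE_HEADERS = [
    ("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"),
    ("Pragma", "no-cache"),   # legacy HTTP/1.0 caches
    ("Expires", "0"),         # belt-and-braces for old user agents
]

# Paths that render user-specific data (assumed prefixes for the example).
SENSITIVE_PREFIXES = ("/account", "/settings", "/profile")


def is_sensitive(path):
    return path.startswith(SENSITIVE_PREFIXES)


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None} (lowercased)."""
    directives = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cache_control_is_safe(headers):
    """True when the response headers prevent the page from being cached.

    headers: dict of header-name -> value; names are matched case-insensitively.
    Missing header, no-cache without no-store, public, or a positive max-age
    all count as the weak configuration described in the report.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lower.get("cache-control", ""))
    if "no-store" not in cc:
        return False
    if "public" in cc:
        return False
    max_age = cc.get("max-age")
    if max_age is not None and max_age.isdigit() and int(max_age) > 0:
        return False
    return True


def app(environ, start_response):
    """Minimal WSGI app: sensitive routes get no-store headers, others stay cacheable."""
    path = environ.get("PATH_INFO", "/")
    if is_sensitive(path):
        body = b"<h1>profile of alice (constructed sample)</h1>"
        headers = [("Content-Type", "text/html; charset=utf-8")] + NO_STORE_HEADERS
    else:
        body = b"<h1>public page</h1>"
        headers = [("Content-Type", "text/html; charset=utf-8"),
                   ("Cache-Control", "public, max-age=300")]
    start_response("200 OK", headers)
    return [body]


def response_headers_for(path):
    """Drive the app for one path offline and return its response headers as a dict."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)

    list(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured["headers"]


if __name__ == "__main__":
    for p in ("/profile", "/help"):
        h = response_headers_for(p)
        verdict = "safe" if cache_control_is_safe(h) else "CACHEABLE"
        print(p, h.get("Cache-Control"), verdict)
```

Running the module prints the verdict for one sensitive and one public route; `cache_control_is_safe` can also be pointed at headers captured from a real response to confirm the fix after deployment.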
