Posted 15 November 2018, 12:19 am EST
We are using ActiveReports WebViewer to view the report. Internally ActiveReports is caching the report using some token and this token is available in Internet Explorer Developer tool network tab while fetching the report.
Copied the URL from the network tab and logged out from the application.
The URL looks something like this:
http://localhost:53848/ActiveReports.ar12?Token=8c22f81d-fe07-44b3-863a-a14707d8b019&Generation=1&Page=1&WebViewerControlClientId=DNAprofitWebViewer12&HtmlViewer=true
Now once again signed on to the application as a different user and tried to access the URL copied from the previous session.
Now ActiveReports returns the same report. In this response some other user's report is fetched. This becomes a "Privilege Escalation using an Under-Privileged User" security issue.
Kindly suggest an option to kill the session or token on closing the viewer.
Thanks,
Hariharan R
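The post describes a cached-report token that stays valid after logout and is accepted from a different user's session. The snippet below is an added, language-neutral illustration of the server-side control that prevents that: bind each token to the issuing user and session, check both on every fetch, and revoke the session's tokens on logout or viewer close. It is not ActiveReports code and does not use any ActiveReports API; the class and method names (ReportTokenStore, issue, authorize, revoke_session) and the sample user, session and report identifiers are assumptions constructed for the example.

```python
"""Binding a report token to the user and session that requested it (illustrative, not ActiveReports code)."""
import secrets
import time
from dataclasses import dataclass


@dataclass
class ReportGrant:
    """What a token stands for: who may use it, from which session, for which report, until when."""
    user_id: str
    session_id: str
    report_id: str
    expires_at: float


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so token/owner checks do not leak via timing.
    return secrets.compare_digest(a.encode(), b.encode())


class ReportTokenStore:
    """Hypothetical server-side store; a real deployment would back this with a shared cache."""

    def __init__(self, ttl_seconds: float = 300, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable so expiry can be tested deterministically
        self._grants: dict[str, ReportGrant] = {}

    def issue(self, user_id: str, session_id: str, report_id: str) -> str:
        # Unguessable token; the authorization decision never rests on the token alone.
        token = secrets.token_urlsafe(32)
        self._grants[token] = ReportGrant(user_id, session_id, report_id,
                                          self._clock() + self._ttl)
        return token

    def authorize(self, token: str, user_id: str, session_id: str):
        """Return the report id if this user, in this session, may fetch it; otherwise None."""
        grant = self._grants.get(token)
        if grant is None:
            return None                       # unknown or already revoked token
        if self._clock() > grant.expires_at:
            del self._grants[token]           # expired tokens are dropped, not honoured
            return None
        if not _same(grant.user_id, user_id):
            return None                       # another user presenting a copied URL
        if not _same(grant.session_id, session_id):
            return None                       # same user, but a different (e.g. re-login) session
        return grant.report_id

    def revoke_session(self, session_id: str) -> int:
        """Hook for logout / viewer close: drop every token the session issued."""
        stale = [t for t, g in self._grants.items() if g.session_id == session_id]
        for t in stale:
            del self._grants[t]
        return len(stale)


def replay_scenario():
    """Replays the post's steps with the binding in place: issue, fetch, logout, reuse by another user."""
    store = ReportTokenStore()
    token = store.issue("user-a", "sess-a", "sales-report")        # constructed ids
    first = store.authorize(token, "user-a", "sess-a")             # owner fetches: allowed
    revoked = store.revoke_session("sess-a")                       # user-a logs out
    second = store.authorize(token, "user-b", "sess-b")            # copied URL, other user: denied
    return first, revoked, second


def copied_url_while_owner_still_logged_in():
    """Even without logout, a different user or session presenting the token is refused."""
    store = ReportTokenStore()
    token = store.issue("user-a", "sess-a", "sales-report")
    return (store.authorize(token, "user-b", "sess-b"),
            store.authorize(token, "user-a", "sess-a2"))


def token_expires():
    """Tokens also die on their own after the TTL, using an injected clock."""
    now = [1000.0]
    store = ReportTokenStore(ttl_seconds=60, clock=lambda: now[0])
    token = store.issue("user-a", "sess-a", "sales-report")
    before = store.authorize(token, "user-a", "sess-a")
    now[0] += 61
    after = store.authorize(token, "user-a", "sess-a")
    return before, after


if __name__ == "__main__":
    print(replay_scenario())
```

The point is that the URL's Token parameter is only a lookup key; the server still has to compare the caller's authenticated identity and session against the grant, and the logout or viewer-close path has to call the revocation hook. Caching the rendered report by token alone, as the post observes, turns the token into a bearer credential.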