Azure ACS - Claims URL exposed in browser history - security hole?

Found this official ACS demo http://www.fabrikamshipping.com/ while researching on ACS.
In the app itself, when logging in with one of the providers (I chose Google), I can see in the browser history the URL that contains the claims returned from ACS. It's the URL that starts with:

https://fabrikamshipping.accesscontrol.windows.net/v2/openid?context=pr%3dwsfederation%26rm%3dhttp%253a%252f%252ffabrikamshipping%252fcons...

Going to this URL logs me in the app, even after clearing all browser cache and cookies.
So if I log in to the app from some public computer, and then log out, my account is exposed by going to this URL in the browser history.

I know this is the standard way that ACS identity handling works.
What am I missing here?

Yaron Levi asked Nov 13 '22 10:11


1 Answer

You are not missing anything. This URL will log you in, even if all cookies are cleared. However, when going on a public computer you have to be more careful about your credentials. Clearing history will wipe this URL from the browser's history.

Also, I don't actually see the claims URL in my history.

Another way of protecting your personal data is using "In Private Browsing session" for the browser of your choice. Note that it is very hard for someone to see, not to mention remembering that URL. You got it, because you copied from the browser at the moment of redirecting.

astaykov answered Dec 25 '22 23:12
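The two things a relying party can check to limit the damage of a sign-in URL that survives in browser history are what the URL's `context` parameter actually carries and whether a sign-in response can be consumed more than once. The following is an added Python example, not code from the question, the answer, or ACS itself; the sample URL is constructed in the shape shown above with a placeholder return address, and `ReplayGuard` is a hypothetical one-time-use cache that real WS-Federation/ACS relying parties do not ship as such.

```python
"""Added example: inspect an ACS-style openid URL and reject replayed sign-in responses."""
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample in the shape of the URL from the question; the return
# address (rm) is a placeholder, not the real Fabrikam Shipping value.
SAMPLE_URL = (
    "https://fabrikamshipping.accesscontrol.windows.net/v2/openid?"
    "context=pr%3dwsfederation%26rm%3dhttp%253a%252f%252fexample-rp.test%252fsignin"
)


def decode_context(url):
    """Return the key/value pairs packed into the double-encoded 'context' parameter."""
    query = parse_qs(urlparse(url).query)          # decodes the outer layer once
    inner = query["context"][0]                    # e.g. 'pr=wsfederation&rm=http%3a%2f%2f...'
    pairs = (part.split("=", 1) for part in inner.split("&"))
    return {key: unquote(value) for key, value in pairs}  # decode the inner layer


class ReplayGuard:
    """Hypothetical one-time-use cache: a sign-in response id is accepted once, within max_age_s."""

    def __init__(self, max_age_s):
        self.max_age_s = max_age_s
        self._seen = {}  # response id -> time after which the entry can be forgotten

    def consume(self, response_id, issued_at, now=None):
        now = time.time() if now is None else now
        # Forget entries that can no longer be replayed so the cache stays bounded.
        self._seen = {rid: exp for rid, exp in self._seen.items() if exp > now}
        if issued_at + self.max_age_s <= now:
            return (False, "expired")      # too old to honour, whether or not seen before
        if response_id in self._seen:
            return (False, "replayed")     # same response presented a second time
        self._seen[response_id] = issued_at + self.max_age_s
        return (True, "accepted")


if __name__ == "__main__":
    print(decode_context(SAMPLE_URL))
    guard = ReplayGuard(max_age_s=300)
    print(guard.consume("resp-1", issued_at=1000.0, now=1010.0))
    print(guard.consume("resp-1", issued_at=1000.0, now=1020.0))
```

The second `consume` call for the same id is what a history replay looks like to the server; without such a check the response is honoured every time it is presented, which is the behaviour the question observed.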