T87062 contains a centralauth token and other interesting cookie information allowing to steal session
Closed, ResolvedPublic


Please redact the post containing cookies relevant to account security and set it to public when ready.

Rillke created this task.Jan 17 2015, 1:16 PM
Rillke updated the task description. (Show Details)
Rillke raised the priority of this task from to Needs Triage.
Rillke assigned this task to Aklapper.
Rillke added a project: Phabricator.
Rillke added a subscriber: Rillke.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 17 2015, 1:16 PM
Rillke updated the task description. (Show Details)Jan 17 2015, 6:02 PM
Rillke set Security to None.
Rillke added subscribers: Qgil, Dzahn, demon and 3 others.
hoo closed this task as Resolved.Jan 17 2015, 6:12 PM
hoo added a subscriber: hoo.

I've logged out the user so that their account can no longer be taken over with the given cookie data. Sadly I'm no longer able to hide individual posts (but that also never worked for me in Bugzilla...), so I couldn't hide the comment.
Closing as the biggest risk has been mitigated and the ticket is private now.

Thanks, Hoo :) Will @Aklapper do the remaining clean-up? Some users appear to have breaking news about the matter.