After a Thunder member loses the password and the password is changed, the existing cookie does not expire. It can still be sent from the original keystore (the IE browser) to another user's computer, and the cookis.txt file sent by the IE browser can still be imported into the keystore.
From the Thunder offline download page, you can go to the Thunder personal center and view any private information on the Thunder network disk.
This cookie will not expire even after the Thunder member changes the password.
Proof of vulnerability:
Use another computer to import the cookie
The offline download page is displayed.
Download from original server
After creating a task on the offline download page
Click to retrieve to local
Go to the Thunder personal center from the offline download center page
Create an offline task and save it to the online storage.
Click to go to the online storage.
So there is no privacy.
To restate: this cookie will not expire even after the Thunder user changes the password.
Solution:
We recommend that you strengthen the management of your user accounts in the future. How can this problem be solved?
Author: xiaoxian
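One way to close the hole described above, as an added example that is not part of the original report or Thunder's own code: each session cookie records the account's credential epoch at login, and a password change bumps the epoch so that cookies issued earlier stop authenticating. `AccountService`, its methods and the `revoke_on_password_change` switch are hypothetical names; setting the switch to `False` reproduces the reported behaviour.

```python
import hashlib
import hmac
import secrets


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _key(token):
    return hashlib.sha256(token.encode()).hexdigest()


class AccountService:
    """In-memory stand-in for an account/session backend (hypothetical)."""

    def __init__(self, revoke_on_password_change=True):
        self.revoke_on_password_change = revoke_on_password_change
        self._users = {}     # username -> {"salt", "hash", "epoch"}
        self._sessions = {}  # sha256(cookie value) -> (username, epoch at login)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = {"salt": salt, "hash": _pw_hash(password, salt), "epoch": 0}

    def login(self, username, password):
        user = self._users.get(username)
        if user is None or not hmac.compare_digest(
                _pw_hash(password, user["salt"]), user["hash"]):
            return None
        token = secrets.token_urlsafe(32)  # value sent as the session cookie
        self._sessions[_key(token)] = (username, user["epoch"])
        return token

    def change_password(self, username, new_password):
        user = self._users[username]
        user["salt"] = secrets.token_bytes(16)
        user["hash"] = _pw_hash(new_password, user["salt"])
        if self.revoke_on_password_change:
            user["epoch"] += 1  # cookies issued before this point become stale

    def authenticate(self, token):
        """Return the username for a live session cookie, else None."""
        username, epoch = self._sessions.get(_key(token), (None, None))
        if username is None or epoch != self._users[username]["epoch"]:
            self._sessions.pop(_key(token), None)  # drop a stale session
            return None
        return username
```

The epoch comparison runs on every request, so a cookie copied to another machine before the password change is rejected the next time it is presented.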