When you log in to a website, you are often presented with a convenient choice: “Remember me for XX days”.
The problem with this helpful little option is that when you allow the website to perform this action for you, there is now a cookie left on your computer that hackers can steal when you fall for…
Phishing Attacks
You click on that link and think nothing happened, but you couldn’t be more WRONG. Attackers use phishing techniques to trick users into clicking on a malicious link or downloading malicious files, and in many cases the attacker can then compromise the user’s browser and steal cookies, including those helpful “Remember Me” cookies.
Once the attacker has the cookie, they can use it to gain access to the user’s account without needing to know their password because…
Attackers Can Exploit “Remember Me” Cookies for XX days:
- Step 1: The attacker steals or intercepts the “Remember Me” cookie via XSS, MitM attacks, or a phishing attack.
- Step 2: They then inject the stolen cookie into their own browser, at their own location, and impersonate you.
- Step 3: If the cookie is valid and the session isn’t invalidated, the attacker now has full access to the user’s account.
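Step 3 only works while the server still accepts the copied cookie. The sketch below is an added example, not code from this article or from any particular website: it shows one common server-side countermeasure, single-use rotating tokens with revocation when a stale copy shows up. The cookie name remember_me, the 30-day lifetime and the in-memory store are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from http.cookies import SimpleCookie

LIFETIME = 30 * 24 * 3600  # assumption: the article's "XX days" taken as 30

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class RememberMeStore:
    """Server-side record of every remember-me cookie that is still valid."""
    def __init__(self):
        self.series = {}  # series id -> (user, sha256 of current token, expiry)

    def issue(self, user, now=None, series_id=None, expires=None):
        now = time.time() if now is None else now
        series_id = series_id or secrets.token_urlsafe(16)
        token = secrets.token_urlsafe(32)
        # Only a hash is stored, so a leaked table cannot be replayed as cookies.
        self.series[series_id] = (user, _digest(token), expires or now + LIFETIME)
        return f"{series_id}:{token}"

    def revoke_user(self, user):
        # "Log out everywhere": the step that makes a stolen cookie stop working.
        self.series = {s: r for s, r in self.series.items() if r[0] != user}

    def redeem(self, cookie_value, now=None):
        """Return (user, rotated_cookie) on success, (None, None) otherwise."""
        now = time.time() if now is None else now
        series_id, _, token = cookie_value.partition(":")
        record = self.series.get(series_id)
        if record is None:
            return None, None
        user, digest, expires = record
        if now >= expires:
            del self.series[series_id]
            return None, None
        if not hmac.compare_digest(digest, _digest(token)):
            # Known series but stale token: a copy of this cookie was already
            # used elsewhere. Treat it as theft and revoke the user's logins.
            self.revoke_user(user)
            return None, None
        # Single use: rotate the token but keep the original expiry.
        return user, self.issue(user, now, series_id, expires)

def cookie_header(value):
    c = SimpleCookie()
    c["remember_me"] = value
    # HttpOnly hides the cookie from page scripts (XSS); Secure keeps it off plain HTTP (MitM).
    c["remember_me"].update({"httponly": True, "secure": True, "samesite": "Lax",
                             "max-age": LIFETIME, "path": "/"})
    return "Set-Cookie: " + c["remember_me"].OutputString()
```

Rotation does not stop whoever presents the cookie first; it guarantees that the next request from the other holder exposes the copy and ends every remembered login for that account.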
This Flaw Gives Hackers Access to Bank Accounts, Investment Portfolios, Email Accounts and Much More
Modern businesses need to be educated on these types of flaws, because if an employee loses your, or even their own, life savings while using a business computer, then you could be held liable.
Cybersecurity is no joke, and the littlest checkmark could cost you your life savings.