Cached authentication credentials

Issue #4270 resolved

If the user's bitbucket password has changed it should disable access using any stale cookies/cached credentials so that if leaked they can no longer be used.

Also, there should be a request for the current password to confirm that the cached credentials aren't being abused to easily change the password.

One way this might happen is for someone to distribute a VM with browser web history which a malicious user could then exploit to subvert an existing account. The mitigation would be that 1) that malicious user wouldn't be able to change the password without also knowing the password, and 2) once the legitimate user realizes this, she can change the password or clear out any cached authentications.

I realize this might change the session handling process, but perhaps these should be ephemeral anyway?
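The mechanism the issue asks for, as an added example that is not Bitbucket's code: each user carries a password generation counter, every server-side session records the generation it was issued under, and a session whose generation no longer matches is refused. The password-change handler additionally demands the current password, so a leaked cookie (the VM-with-browser-history scenario above) cannot be turned into a locked-out account. The names `User`, `SessionStore`, `change_password` and `active_for` are hypothetical; the PBKDF2 iteration count is kept low only to make the demo fast.

```python
"""Added illustration, not the project's own code: sessions bound to a
password generation so a password change invalidates every older cookie,
plus a change-password endpoint that requires the current password."""

import hashlib
import hmac
import os
import secrets
import time


class User:
    """Hypothetical account record. password_generation is incremented on
    every password change; sessions remember the generation they were
    issued under, which is what makes stale cookies detectable."""

    def __init__(self, username, password):
        self.username = username
        self.password_generation = 0
        self._salt = os.urandom(16)
        self._hash = self._derive(password)

    def _derive(self, password):
        # Salted PBKDF2 keeps the stored value non-reversible (low iteration
        # count here only so the example runs quickly).
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 50_000)

    def check_password(self, password):
        return hmac.compare_digest(self._hash, self._derive(password))

    def set_password(self, new_password):
        self._salt = os.urandom(16)
        self._hash = self._derive(new_password)
        self.password_generation += 1  # every existing session is now stale


class SessionStore:
    """Hypothetical server-side session table keyed by the opaque cookie value."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, user_agent="", remote_addr=""):
        sid = secrets.token_urlsafe(32)  # unguessable cookie value
        self._sessions[sid] = {
            "username": user.username,
            "generation": user.password_generation,
            "user_agent": user_agent,
            "remote_addr": remote_addr,
            "created": time.time(),
        }
        return sid

    def resolve(self, sid, users):
        """Map a cookie to a User, or None when the session is unknown or was
        issued before the user's most recent password change."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        user = users.get(rec["username"])
        if user is None or rec["generation"] != user.password_generation:
            self._sessions.pop(sid, None)  # drop the stale record
            return None
        return user

    def active_for(self, user):
        """The 'current sessions' view: only records from the live generation."""
        return [
            {"id": sid, "user_agent": r["user_agent"], "remote_addr": r["remote_addr"]}
            for sid, r in self._sessions.items()
            if r["username"] == user.username and r["generation"] == user.password_generation
        ]


def change_password(store, users, sid, current_password, new_password):
    """Password-change endpoint: a cached cookie alone is not enough, the
    caller must also prove the current password. Returns a fresh cookie for
    the caller; every other session of that user stops resolving."""
    user = store.resolve(sid, users)
    if user is None:
        raise PermissionError("no valid session")
    if not user.check_password(current_password):
        raise PermissionError("current password does not match")
    user.set_password(new_password)
    return store.create(user)
```

The generation check is done at resolve time rather than by walking the session table on every password change, so it also covers sessions that live in a cache or a second data store the change handler cannot reach; `active_for` uses the same filter so the settings page never shows a cookie that would be refused anyway.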


Comments (5)

  1. Jesper Noehr
    • changed status to open

    Thanks for raising this issue. You're absolutely right; it does not make sense to keep sessions lying around when you change your password.

    I've made the change now, so that when you change your password, older sessions will be immediately invalidated. While I was at it, I've also made a small page under your account settings, where you can see your current sessions. It looks like this:

    This will go out to production tomorrow.

    Leaving as open until it's been deployed.

  2. Jesper Noehr

    Nope, we recently removed that, purposely. We didn't think it was particularly helpful in general, and it was cumbersome when tied in with our new teams feature. So we decided to remove the "old password" prompt everywhere.

    The other changes have been deployed as of now.
