Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The client persists authenticated session cookies to a local JSON file in plaintext without access controls, encryption, or user warning. If the file is read by another local user, malware, or inadvertently committed/shared, an attacker may be able to hijack the user's authenticated 12306 session.
