Context-Inappropriate Capability
Medium
- Confidence
- 93% confidence
- Finding
- The client persists authentication cookies to a fixed file path under /root without any encryption, permission hardening, expiry handling, or user disclosure. If the host is shared or compromised, those cookies can be reused to access the user's music account session and personalized data without re-authentication.
