'Sentry' Vulnerability in session information that has not expired

 

Step1) User requests membership approval

<Administrator sign-up approval>

 

Step2) After approval, go to the membership registration link and Create account

<Approved user accountstry to create>

 

Step3) Verifying Authorized Session Information in Response Packets

<Verifying session information for allowed users>

 

Step4) Successful account creation attempt

<Attempt to create a normal account>

 

Step5) Check your account from the members menu

<Check account creation>

 

Step6) Go to login page again

<Again Move Page>

 

Step7) Check session information through proxy

<Verify Session Information with a Proxy>

 

Step8) Change the session information to the session information used in the previous membership registration and transfer it.

<Changed to existing membership session information>

 

Step9) From now on, you can continue to register as a member without additional approval

<Success in signing up as a member>