A bug bounty write-up describing a subtle data exposure vulnerability caused by the browser's Back/Forward Cache (bfcache). After logging out of a government-backed SSO system, pressing the browser back button restored the previously authenticated page from memory, revealing sensitive personal information despite the server session being fully invalidated. Standard cache-control headers don't prevent bfcache. The fix involves detecting page restoration via the `pageshow` event and forcing a reload or redirect. Classified as P4 (low severity) since no session reuse or API access is possible, but it poses a real privacy risk on shared devices.
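One way to implement the `pageshow` check described above, as an added example that is not code from the write-up. It assumes a hypothetical non-HttpOnly marker cookie `logged_in` that the logout handler clears, and a hypothetical `/login` route.

```javascript
// Added example, not the write-up's code. Assumed names: MARKER_COOKIE, LOGIN_URL.
const MARKER_COOKIE = "logged_in"; // hypothetical non-HttpOnly cookie cleared at logout
const LOGIN_URL = "/login";        // hypothetical login route

// True when this page view came from history rather than a fresh load.
function wasRestored(event, navType) {
  // event.persisted is set when the page was resumed from bfcache;
  // navType "back_forward" covers history navigations served another way.
  return Boolean(event && event.persisted) || navType === "back_forward";
}

// The marker only mirrors login state for client-side checks; it grants nothing.
function hasSessionMarker(cookieString, name = MARKER_COOKIE) {
  return cookieString
    .split(";")
    .map((pair) => pair.trim().split("=")[0])
    .includes(name);
}

// Returns "none", "reload" or "redirect" for a pageshow event.
function decideOnPageShow(event, navType, cookieString) {
  if (!wasRestored(event, navType)) return "none";
  // Marker present: reload so the server re-validates the session.
  // Marker absent: the user logged out, so leave the page entirely.
  return hasSessionMarker(cookieString) ? "reload" : "redirect";
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined") {
  window.addEventListener("pageshow", (event) => {
    const nav = performance.getEntriesByType("navigation")[0];
    const action = decideOnPageShow(event, nav && nav.type, document.cookie);
    if (action === "none") return;
    document.documentElement.hidden = true; // hide restored content immediately
    if (action === "redirect") window.location.replace(LOGIN_URL);
    else window.location.reload();
  });
}
```

The reloaded page arrives as a fresh load, so the handler returns "none" on it and does not loop.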