Bug #128
Session Fixation Vulnerability
| Status: | Closed | Start date: | 01/02/2010 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | Sven Vetsch | % Done: | 100% |
|
| Category: | Vulnerability | Spent time: | 0.10 hour | |
| Target version: | 0.0.1 |
Description
The web interface is vulnerable to session fixation attacks.
The session ID of a user needs to be regenerated at least after each successful login.
More details will not be made public available for security reasons.
History
Updated by Sven Vetsch about 2 years ago
- Status changed from New to Resolved
- Assignee changed from Marcel Koßin to Sven Vetsch
- % Done changed from 0 to 100
Fix should work but I did no review ;P
Updated by Sven Vetsch about 2 years ago
- Status changed from Resolved to Closed