إرسال #53898: Zenario CMS 9.3.57595 has Session Fixation vulnerabilityالمعلومات

عنوان	Zenario CMS 9.3.57595 has Session Fixation vulnerability
الوصف	Description: In Zenario CMS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after user logout and login again into the application when "Remember me" option active. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with. The product(s): https://zenar.io Affected product(s)/code base: https://github.com/TribalSystems/Zenario Affected component(s): /Zenario-9.3.57595/zenario/admin/welcome.ajax.php Tested version: Zenario-9.3.57595
المصدر	⚠️ https://github.com/lithonn/bug-report/tree/main/vendors/tribalsystems/zenario/session-fixation
المستخدم	leecybersec (UID 36724)
ارسال	30/11/2022 09:02 AM (4 سنوات منذ)
الاعتدال	30/11/2022 11:45 AM (3 hours later)
الحالة	تمت الموافقة
إدخال VulDB	214589 [Tribal Systems Zenario CMS 9.3.57595 Remember Me توثيق ضعيف]
النقاط	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!