Invia #53898: Zenario CMS 9.3.57595 has Session Fixation vulnerabilityinformazioni

TitoloZenario CMS 9.3.57595 has Session Fixation vulnerability
DescrizioneDescription: In Zenario CMS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after user logout and login again into the application when "Remember me" option active. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with. The product(s): https://zenar.io Affected product(s)/code base: https://github.com/TribalSystems/Zenario Affected component(s): /Zenario-9.3.57595/zenario/admin/welcome.ajax.php Tested version: Zenario-9.3.57595
Fonte⚠️ https://github.com/lithonn/bug-report/tree/main/vendors/tribalsystems/zenario/session-fixation
Utente
 leecybersec (UID 36724)
Sottomissione30/11/2022 09:02 (4 anni fa)
Moderazione30/11/2022 11:45 (3 hours later)
StatoAccettato
Voce VulDB214589 [Tribal Systems Zenario CMS 9.3.57595 Remember Me autenticazione debole]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!