| タイトル | Zenario CMS 9.3.57595 has Session Fixation vulnerability |
|---|
| 説明 | Description: In Zenario CMS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after user logout and login again into the application when "Remember me" option active. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with.
The product(s): https://zenar.io
Affected product(s)/code base: https://github.com/TribalSystems/Zenario
Affected component(s): /Zenario-9.3.57595/zenario/admin/welcome.ajax.php
Tested version: Zenario-9.3.57595 |
|---|
| ソース | ⚠️ https://github.com/lithonn/bug-report/tree/main/vendors/tribalsystems/zenario/session-fixation |
|---|
| ユーザー | leecybersec (UID 36724) |
|---|
| 送信 | 2022年11月30日 09:02 (4 年 ago) |
|---|
| モデレーション | 2022年11月30日 11:45 (3 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 214589 [Tribal Systems Zenario CMS 9.3.57595 Remember Me 弱い認証] |
|---|
| ポイント | 20 |
|---|