Oplossingen voor kwetsbaarheid
 |
scans van de laatste 7 dagen |
| De Nimsoft Cloud Monitor Periodieke Kwetsbaarheidscan controleert op onderstaande kwetsbaarheden. De meest recent toegevoegde oplossingen voor kwetsbaarheid die door Nimsoft Cloud Monitor worden gescand vindt u in het overzicht Oplossingen voor kwetsbaarheid |
| Categorie: Web Servers | Risicofactor: High | Toegevoegd: 18 mrt 2010 |
| Synopsis: The remote web application may be vulnerable to a session fixation attack. Description: The remote web application uses cookies to track authenticated users. If the session cookie is already present before authentication, it remains unchanged after a successful login. That is, only server-side variables are updated. Session cookies are expected to be unpredictable in a secure web application. If HTTP cookies can be manipulated (by injecting client- side JavaScript for example), then the attacker does not have to break the pseudo-random generator, and the web application is vulnerable to a 'session fixation' attack. See also: http://en.wikipedia.org/wiki/Session_fixation http://www.owasp.org/index.php/Session_Fixation Solution: Fix the application so that the session cookie is re-generated after successful authentication. Risk factor: High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P) |
||
