Sårbarhetslösningar
 |
tillagda skanningar de senaste 7 dagarna |
| Nimsoft Cloud Monitor periodiska sårbarhetsskanning kontrollerar sårbarheten nedan. Om du vill se de senasta sårbarhetslösningarna som skannas av Nimsoft Cloud Monitor kan du gå till översikten med sårbarhetslösningar |
| Kategori: Web Servers | Riskfaktor: High | Tillagt: 18 mar 2010 |
| Synopsis: The remote web application may be vulnerable to a session fixation attack. Description: The remote web application uses cookies to track authenticated users. If the session cookie is already present before authentication, it remains unchanged after a successful login. That is, only server-side variables are updated. Session cookies are expected to be unpredictable in a secure web application. If HTTP cookies can be manipulated (by injecting client- side JavaScript for example), then the attacker does not have to break the pseudo-random generator, and the web application is vulnerable to a 'session fixation' attack. See also: http://en.wikipedia.org/wiki/Session_fixation http://www.owasp.org/index.php/Session_Fixation Solution: Fix the application so that the session cookie is re-generated after successful authentication. Risk factor: High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P) |
||
