[JBoss JIRA] (ELY-1945) Authentication vulnerable to session fixation attacks

Tuesday, 28 April 2020

     [
https://issues.redhat.com/browse/ELY-1945?page=com.atlassian.jira.plugin....
]

Darran Lofthouse updated ELY-1945:
----------------------------------
    Fix Version/s: 1.6.7.Final
                   1.11.4.CR1

...
 Authentication vulnerable to session fixation attacks
 -----------------------------------------------------

                 Key: ELY-1945
                 URL: https://issues.redhat.com/browse/ELY-1945
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Mark Banierink
            Assignee: Darran Lofthouse
            Priority: Critical
             Fix For: 1.6.7.Final, 1.11.4.CR1

 The session id is not changed upon authentication. This creates a vulnerability to
session fixation attacks. 

--
This message was sent by Atlassian Jira
(v7.13.8#713008)

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006