[ https://issues.redhat.com/browse/ELY-1945?page=com.atlassian.jira.plugin.... ]
Mark Banierink commented on ELY-1945:
-------------------------------------
[~dlofthouse] Sure, fine: Mark Banierink, software developer at Nedap.

Authentication vulnerable to session fixation attacks
-----------------------------------------------------
Key: ELY-1945
URL: https://issues.redhat.com/browse/ELY-1945
Project: WildFly Elytron
Issue Type: Bug
Reporter: Mark Banierink
Assignee: Darran Lofthouse
Priority: Critical
Fix For: 1.6.7.Final, 1.11.4.Final

The session id is not changed upon authentication. This creates a vulnerability to session fixation attacks.