[jboss-jira] [JBoss JIRA] (ELY-1945) Authentication vulnerable to session fixation attacks

[Darran Lofthouse (Jira)]

     [ https://issues.redhat.com/browse/ELY-1945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated ELY-1945:
----------------------------------
    Fix Version/s: 1.11.5.CR1
                       (was: 1.11.4.Final)


> Authentication vulnerable to session fixation attacks
> -----------------------------------------------------
>
>                 Key: ELY-1945
>                 URL: https://issues.redhat.com/browse/ELY-1945
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Mark Banierink
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 1.6.7.Final, 1.11.4.Final
>
>
> The session id is not changed upon authentication. This creates a vulnerability to session fixation attacks.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)