[jboss-jira] [JBoss JIRA] (ELY-1945) Authentication vulnerable to session fixation attacks
Darran Lofthouse (Jira)
issues at jboss.org
Wed Apr 29 10:57:57 EDT 2020
[ https://issues.redhat.com/browse/ELY-1945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14066274#comment-14066274 ]
Darran Lofthouse commented on ELY-1945:
---------------------------------------
[~mark.banierink] Would you like to be acknowledged on the CVE raised as a result of this issue? If so can you please confirm how you would like your name represented and any relevant affiliation.
> Authentication vulnerable to session fixation attacks
> -----------------------------------------------------
>
> Key: ELY-1945
> URL: https://issues.redhat.com/browse/ELY-1945
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Mark Banierink
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 1.6.7.Final, 1.11.4.Final
>
>
> The session id is not changed upon authentication. This creates a vulnerability to session fixation attacks.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list