[keycloak-user] Session Hijacking
Bruno Oliveira
bruno at abstractj.org
Sun Mar 5 11:28:26 EST 2017
Yes, it was fixed since 2.3.0.CR1
On Sun, Mar 5, 2017, 11:31 AM Ushanas Shastri <ushanas at gmail.com> wrote:
> Hello,
>
> One of the applications we have protected using KeyCloak 2.2.1 Final is
> undergoing a security test, One of the issues reported is Session
> Hijacking.
>
> A quick internet search leads to KeyCloak issue 3692 related to Session
> Hijacking, but I cannot view this, so cant find out if this was an issue
> that has been fixed in subsequent versions.
>
> Can someone confirm if this is the case? If not, what measures can be taken
> for prevention of session hijacking?
>
> Regards, Ushanas.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list