Michal S created OPENMEETINGS-1399:
--------------------------------------

             Summary: OpenMeetings is vulnerable to session fixation
                 Key: OPENMEETINGS-1399
                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1399
             Project: Openmeetings
          Issue Type: Bug
    Affects Versions: 3.1.1
         Environment: Ubuntu 14.04.4
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
            Reporter: Michal S
            Assignee: Maxim Solodovnik


 The cookie JSESSIONID is issued before login, and is not changed on successful 
login. Therefore, an attacker can know this cookie and use it after a valid 
user authenticated it. This holds especially for shared workstations, as they 
are often found in border police stations.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
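
The condition reported above, written as a regression check (an added example, not part of the original report or of OpenMeetings code): it replays the Set-Cookie headers seen before and at login and reports whether JSESSIONID changed. The function names and the header samples are constructed for illustration.

```python
"""Regression check for session fixation: is JSESSIONID rotated at login?"""
from http.cookies import SimpleCookie

SESSION_COOKIE = "JSESSIONID"  # cookie name from the report


def apply_set_cookie(jar, headers):
    """Update a name->value jar from one response's Set-Cookie headers."""
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parsed = SimpleCookie()
        parsed.load(value)
        for key, morsel in parsed.items():
            # An empty value or Max-Age=0 deletes the cookie, as in a browser.
            if morsel.value == "" or morsel["max-age"] == "0":
                jar.pop(key, None)
            else:
                jar[key] = morsel.value
    return jar


def session_rotated(pre_login_headers, login_headers):
    """Return (rotated, before, after) for the session cookie across a login."""
    jar = apply_set_cookie({}, pre_login_headers)
    before = jar.get(SESSION_COOKIE)
    jar = apply_set_cookie(jar, login_headers)
    after = jar.get(SESSION_COOKIE)
    # Rotated only if the id in use after login differs from the one issued
    # before it. A login that leaves no session cookie at all is reported as
    # not rotated so that it gets looked at.
    rotated = after is not None and after != before
    return rotated, before, after


# Constructed sample exchanges (not captured from a real server).
PRE_LOGIN = [("Set-Cookie", "JSESSIONID=AAAA1111; Path=/; HttpOnly")]
# No new cookie on login: the pre-login id stays in use, as the report describes.
LOGIN_REUSED = [("Content-Type", "text/html")]
# Login response issues a fresh id.
LOGIN_ROTATED = [("Set-Cookie", "JSESSIONID=BBBB2222; Path=/; HttpOnly")]

if __name__ == "__main__":
    for label, login in (("reused", LOGIN_REUSED), ("rotated", LOGIN_ROTATED)):
        ok, before, after = session_rotated(PRE_LOGIN, login)
        print(f"{label}: before={before} after={after} "
              f"{'OK' if ok else 'SESSION FIXATION: id not changed on login'}")
```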
