[jira] [Closed] (OPENMEETINGS-1399) OpenMeetings is vulnerable to session fixation

Maxim Solodovnik (JIRA) Tue, 12 Jul 2016 23:12:55 -0700

     [ 
https://issues.apache.org/jira/browse/OPENMEETINGS-1399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Maxim Solodovnik closed OPENMEETINGS-1399.
------------------------------------------

> OpenMeetings is vulnerable to session fixation
> ----------------------------------------------
>
>                 Key: OPENMEETINGS-1399
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1399
>             Project: Openmeetings
>          Issue Type: Bug
>          Components: BuildsAndReleases, HTML5
>    Affects Versions: 3.1.1
>         Environment: Ubuntu 14.04.4
> Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
>            Reporter: Michal S
>            Assignee: Maxim Solodovnik
>            Priority: Critical
>             Fix For: 3.1.2, 3.2.0, 4.0.0
>
>
>  The cookie JSESSIONID is issued before login, and is not changed on 
> successful login. Therefore, an attacker can know this cookie and use it 
> after a valid user authenticated it. This holds especially for shared 
> workstations.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Closed] (OPENMEETINGS-1399) OpenMeetings is vulnerable to session fixation

Reply via email to