CentralAuth Session Fixation
Status: Closed, Resolved (Public)

Description

CentralAuth is vulnerable to Session Fixation attacks [0]. It uses the existing session id from a browser's cookie when setting up the CentralAuth session, without resetting the value.

[0] - https://www.owasp.org/index.php/Session_fixation

If an attacker can set a cookie with the name 'centralauth_Session' with a known value on a victim's browser and the victim later logs in, the attacker can impersonate the victim by using the CentralAuth session id with the chosen value.


Version: unspecified
Severity: normal
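An added illustration, not CentralAuth's code or the attached patch: a toy server-side session store that contrasts the pattern the description names (keeping whatever id the cookie already carried when the user authenticates) with the regenerate-on-login fix that the attachment title describes, plus a check that a pre-planted id no longer resolves to the victim's account after the fix. The store is a plain dict and all names are constructed for this example.

```python
import secrets
from typing import Callable, Dict, Optional

Store = Dict[str, dict]  # session id -> session data (constructed stand-in for a real store)


def new_sid() -> str:
    """Mint an unguessable session id (constructed helper, not CentralAuth code)."""
    return secrets.token_hex(16)


def login_fixable(store: Store, cookie_sid: Optional[str], user: str) -> str:
    """Vulnerable pattern: the id presented in the cookie is kept across login,
    so an id an attacker planted beforehand becomes the authenticated session."""
    sid = cookie_sid or new_sid()
    store.setdefault(sid, {})["user"] = user
    return sid


def login_hardened(store: Store, cookie_sid: Optional[str], user: str) -> str:
    """Fixed pattern: at the moment of authentication discard the pre-login id,
    mint a fresh one and bind the user to that. Pre-login data is migrated,
    but the old id itself stops resolving to anything."""
    pre_login = store.pop(cookie_sid, {}) if cookie_sid else {}
    sid = new_sid()
    store[sid] = {**pre_login, "user": user}
    return sid


def current_user(store: Store, cookie_sid: str) -> Optional[str]:
    """Resolve a presented cookie value to the logged-in user, if any."""
    return store.get(cookie_sid, {}).get("user")


def planted_id_grants_access(login: Callable[[Store, Optional[str], str], str]) -> bool:
    """Regression check: does an id planted before login still map to the
    victim after the victim authenticates? True means fixation is possible."""
    store: Store = {}
    planted = "attacker_known_value"  # constructed: a value set in the victim's cookie before login
    store[planted] = {}               # the server accepted it as an anonymous session
    login(store, planted, "victim")   # victim logs in with that cookie present
    return current_user(store, planted) == "victim"


if __name__ == "__main__":
    print("fixable :", planted_id_grants_access(login_fixable))   # True
    print("hardened:", planted_id_grants_access(login_hardened))  # False
```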

Details

Reference
bz40962
csteipp created this task. Oct 11 2012, 4:04 PM

Using CVE-2012-5395 to track this

Created attachment 11353
Generate new Session ID for CentralAuth on login

Attached: CA_40962.patch

The patch looks good.

Merged gerrit 36094 links here, bug maybe resolved

