CentralAuth Session Fixation
Closed, Resolved · Public

Description

CentralAuth is vulnerable to Session Fixation attacks [0]. It uses the existing session id from a browser's cookie when setting up the CentralAuth session, without resetting the value.

[0] - https://www.owasp.org/index.php/Session_fixation

If an attacker can set a cookie with the name 'centralauth_Session' with a known value on a victim's browser and the victim later logs in, the attacker can impersonate the victim by using the CentralAuth session id with the chosen value.
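The pattern the task describes, reduced to a toy session store so the difference between adopting a client-presented id and issuing a fresh one at login can be checked directly. This is an added illustration, not CentralAuth's code: the `SessionStore` class, its two login methods and the `demo()` function are constructed here; only the cookie name `centralauth_Session` comes from the task description.

```python
"""Toy session store contrasting a login that keeps the pre-auth session id
(the defect described in the task) with one that regenerates it on login.
Added illustration; not CentralAuth or MediaWiki code."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Cookie name from the task description.
COOKIE_NAME = "centralauth_Session"


@dataclass
class Session:
    user: Optional[str] = None  # None until the session is authenticated


@dataclass
class SessionStore:
    sessions: Dict[str, Session] = field(default_factory=dict)

    def adopt_client_id(self, cookies: Dict[str, str]) -> str:
        """Models the vulnerable behaviour: whatever id the browser presents is
        used as-is, even if the server has never issued it."""
        sid = cookies.get(COOKIE_NAME) or secrets.token_hex(16)
        self.sessions.setdefault(sid, Session())
        return sid

    def login_vulnerable(self, cookies: Dict[str, str], user: str) -> str:
        # The pre-authentication id survives login, so anyone who already
        # knows it (for example because they planted it) holds the
        # authenticated session too.
        sid = self.adopt_client_id(cookies)
        self.sessions[sid].user = user
        return sid

    def login_fixed(self, cookies: Dict[str, str], user: str) -> str:
        # Mitigation: discard the pre-authentication session entirely and
        # bind the authenticated state to a freshly generated id.  The old
        # id, known or not, no longer maps to anything.
        old = cookies.get(COOKIE_NAME)
        if old is not None:
            self.sessions.pop(old, None)
        new = secrets.token_hex(16)
        self.sessions[new] = Session(user=user)
        return new

    def whoami(self, sid: str) -> Optional[str]:
        s = self.sessions.get(sid)
        return s.user if s else None


def demo(planted: str = "id-known-to-a-third-party"):
    """Runs the same pre-set cookie through both login paths.

    Returns (user resolved via the planted id after the vulnerable login,
             user resolved via the planted id after the fixed login,
             whether the fixed login issued a different id,
             user resolved via the fresh id after the fixed login).
    """
    cookies = {COOKIE_NAME: planted}  # constructed: cookie set before login

    vulnerable = SessionStore()
    vulnerable.login_vulnerable(cookies, "victim")

    fixed = SessionStore()
    fresh_id = fixed.login_fixed(cookies, "victim")

    return (
        vulnerable.whoami(planted),
        fixed.whoami(planted),
        fresh_id != planted,
        fixed.whoami(fresh_id),
    )


if __name__ == "__main__":
    print(demo())  # ('victim', None, True, 'victim')
```

The first element shows the defect: after the vulnerable login, the pre-set id resolves to the authenticated user. After the fixed login the same id resolves to nothing and only the server-generated id does, which is the property the attached patch ("Generate new Session ID for CentralAuth on login") is meant to restore.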


Version: unspecified
Severity: normal

bzimport added a subscriber: wikibugs-l.
bzimport set Reference to bz40962.
csteipp created this task. Via Legacy, Oct 11 2012, 4:04 PM
csteipp added a comment. Via Conduit, Oct 19 2012, 12:47 AM
csteipp added a comment. Via Conduit, Oct 25 2012, 10:02 PM

Using CVE-2012-5395 to track this

csteipp added a comment. Via Conduit, Nov 13 2012, 11:32 PM

Created attachment 11353
Generate new Session ID for CentralAuth on login

Attached: CA_40962.patch

tstarling added a comment. Via Conduit, Nov 14 2012, 10:02 PM

The patch looks good.

duplicatebug added a comment. Via Conduit, Dec 1 2012, 9:46 AM

Merged gerrit 36094 links here, bug maybe resolved

Aklapper edited projects, added MW-1.21-release; removed MW-extension-1.21-version. Via Web, Dec 19 2014, 8:17 PM
csteipp added a project: Security. Via Web, Thu, Mar 26, 8:39 PM

