
CentralAuth Session Fixation
Closed, ResolvedPublic


CentralAuth is vulnerable to Session Fixation attacks [0]. It uses the existing session id from a browser's cookie when setting up the CentralAuth session, without resetting the value.

[0] -

If an attacker can set a cookie with the name 'centralauth_Session' with a known value on a victim's browser and the victim later logs in, the attacker can impersonate the victim by using the CentralAuth session id with the chosen value.

Version: unspecified
Severity: normal
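The following is an added example, not CentralAuth's own code or the attached patch: a small in-memory model of a cookie-keyed session store that contrasts the behaviour described in the report (reusing whatever `centralauth_Session` value the browser already sends) with the mitigation named in the attachment title below (generating a new session id on login). The store, the login functions, the user name and the planted id value are all constructed for illustration.

```python
import secrets

# Cookie name taken from the bug report; everything else here is a
# constructed model, not the extension's real session handling.
SESSION_COOKIE = "centralauth_Session"


class SessionStore:
    """Maps session ids to session data (user name, authenticated flag)."""

    def __init__(self):
        self.sessions = {}

    def new_id(self):
        # 128 bits of CSPRNG output; an attacker cannot predict this value
        return secrets.token_hex(16)

    def get(self, sid):
        return self.sessions.get(sid)


def login_vulnerable(store, cookies, user):
    """Fixation-prone pattern: the id already present in the browser's cookie
    is kept for the authenticated session, so whoever chose it can use it."""
    sid = cookies.get(SESSION_COOKIE) or store.new_id()
    store.sessions[sid] = {"user": user, "authenticated": True}
    cookies[SESSION_COOKIE] = sid
    return sid


def login_fixed(store, cookies, user):
    """Mitigated pattern: discard any pre-login id and issue a fresh one
    at the moment privileges change (login)."""
    old = cookies.get(SESSION_COOKIE)
    if old is not None:
        # Invalidate the pre-login id so it can never resolve to this user
        store.sessions.pop(old, None)
    sid = store.new_id()
    store.sessions[sid] = {"user": user, "authenticated": True}
    cookies[SESSION_COOKIE] = sid
    return sid


def session_user(store, cookies):
    """Resolve which user a request carrying the central session cookie is."""
    sess = store.get(cookies.get(SESSION_COOKIE))
    if sess and sess["authenticated"]:
        return sess["user"]
    return None


def run_scenario(login):
    """Replay the report's scenario against a login implementation.

    Returns (user seen by a request using the pre-planted id,
             user seen by the victim's own browser after login).
    The first value being None means the fixation attempt failed.
    """
    store = SessionStore()
    planted = "attackerknownid0000000000000000"  # constructed, pre-chosen value
    victim_cookies = {SESSION_COOKIE: planted}   # cookie present before login
    login(store, victim_cookies, "Alice")        # constructed user name
    request_with_planted_id = {SESSION_COOKIE: planted}
    return session_user(store, request_with_planted_id), session_user(store, victim_cookies)


if __name__ == "__main__":
    print("reuse existing id:", run_scenario(login_vulnerable))
    print("regenerate on login:", run_scenario(login_fixed))
```

The detection check a reviewer can apply to any cookie-based session layer is the one `run_scenario` performs: plant a value before login, authenticate, and confirm the pre-login value no longer resolves to the authenticated user while the browser that actually logged in still does.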



Event Timeline

bzimport raised the priority of this task from to Needs Triage. Nov 22 2014, 1:13 AM
bzimport set Reference to bz40962.
bzimport added a subscriber: Unknown Object (MLST).

Using CVE-2012-5395 to track this

Created attachment 11353
Generate new Session ID for CentralAuth on login


Merged gerrit 36094 links here, bug maybe resolved