In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.
[
{
"product": "Tenable Nessus",
"vendor": "Tenable",
"versions": [
{
"status": "affected",
"version": "All versions prior to 7.1.0"
}
]
}
]