PRIOn knowledge base: PRION:CVE-2020-12258
History: May 18, 2020 - 2:15 p.m.

Session fixation

2020-05-18 14:15:00
PRIOn knowledge base
www.prio-n.com

AI Score: 5.8 Medium (Confidence: High)
EPSS: 0.175 Low (Percentile: 96.2%)

rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259.

CPE Name    Operator    Version
rconfig     eq          3.9.4
