Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...

PT-2024-37046 · Unknown · Password Pusher

Name of the Vulnerable Software and Affected Versions: Password Pusher versions 1.50.3 and prior Description: A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session tok...