[DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue

---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2006-003 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2006-003 Project: Drupal core Date: 2006-03-13 Security risk: less critical...

DRUPAL-SA-2006-003 Session fixation vulnerability

If someone creates a clever enough URL and convinces you to click on it, and you later log in but you do not log off then the attacker may be able to impersonate you. Versions affected All Drupal versions before 4.6.6. Solution The fix to this issue requires PHP 4.3.2 or higher, which is higher...