4 matches found
GHSA-V2WF-C3J6-WPVW Session fixation
Impact The use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability. Workarounds Call...
Session fixation
Impact The use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability. Workarounds Call...
CVE-2020-5205
CVE-2020-5205 affects Pow (Hex package) prior to 1.0.16 in Pow.Plug.Session when a persistent session store (e.g., Redis or database) is used. The vulnerability enables session fixation attacks due to how Plug.Session handles the session across persistent stores; cookie store usage (common in Pho...
CVE-2020-5205 Session fixation attack in Pow (Hex package)
In Pow Hex package before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability...