Nextcloud: Session fixation on public talk links

userA shares a talk room and protects it with a password 2. userB opens links but doesn't enter the password yet 3. Attacker steals the cookies from userB 4. userB logs in 5. attacker is now also able to read the conversation etc Impact In short the attacker is able to take over the session of...

Exploit for CVE-2018-8453

leHACK 2019: Analyzing CVE-2018-8453: An interesting tale of U...