
4 matches found

OSV
added 2024/12/30 4:46 p.m., 9 views

GHSA-4FWJ-M62Q-PP47 Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Impact: A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...

CVSS 5.7, AI score 5.6, EPSS 0.00209
Exploits: 0, References: 4
Vulnrichment
added 2024/12/30 4:46 p.m., 9 views

CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...

CVSS 5.7, AI score 5.5, EPSS 0.00209
Exploits: 0, References: 1
OSV
added 2021/06/23 5:11 p.m., 10 views

MGASA-2021-0272 Updated guacd packages fix security vulnerabilities

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...

CVSS 7.5, AI score 5.9, EPSS 0.021
Exploits: 0, References: 7
CNVD
added 2015/05/07 12:0 a.m., 3 views

Grindr for iOS Session Token Remote Password Manipulation Vulnerability

Grindr for iOS is a GPS-based mobile app. A security vulnerability in the Grindr for iOS reset password feature allows attackers to exploit the vulnerability to intercept session tokens, change email values, and reset passwords...

AI score 6.9
Exploits: 0, References: 1