4 matches found
GHSA-4FWJ-M62Q-PP47 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...
CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...
MGASA-2021-0272 Updated guacd packages fix security vulnerabilities
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...
Grindr for iOS Session Token Remote Password Manipulation Vulnerability
Grindr for iOS is GPS based mobile app. A security vulnerability in the Grindr for iOS reset password feature allows attackers to exploit the vulnerability to intercept session tokens, change email values, and reset passwords...