Veracode Vulnerability Database, ID VERACODE:23501
Apr 10, 2020 - 12:29 a.m.

Session Hijacking

2020-04-10 00:29:08
sca.analysiscenter.veracode.com

EPSS: 0.005

Percentile: 76.4%

SquirrelMail is vulnerable to session hijacking. The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session-handling flaw: users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could use this flaw to hijack user sessions.