
Details

    • Defect (Security)
    • Status: Open
    • Trivial
    • Resolution: Unresolved
    • 3.0.0beta2
    • None
    • Frontend (F)
    • Any

    Description

      If you steal a cookie from an end user, you can use this cookie to perform a replay attack as long as the other user is logged in. By sending an email to a fake login you can tell when the user attempts to log in and replay their cookie.

      Something like a session ID should be set alongside the zbx_session cookie to ensure that only one session at a time is using a particular cookie. The test for this issue can be performed by using two different browsers or systems.

          People

            Unassigned
            infosec01 Damian Tommasino
            Votes: 2
            Watchers: 2

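One way to realise the suggestion in the description, shown as an added example that is not Zabbix code and not part of the original report: the session cookie is paired with a companion token that rotates on every request, so a second client presenting an already consumed token exposes the shared cookie and the session is revoked. `SessionStore`, `request` and `simulate` are hypothetical names, and the in-memory dictionaries stand in for whatever server-side session storage a frontend uses.

```python
import hmac
import secrets


class SessionStore:
    """In-memory model: each session cookie is paired with a rotating companion token."""

    def __init__(self):
        self._current = {}   # session_id -> token expected on the next request
        self._retired = {}   # session_id -> tokens that were already consumed

    def login(self):
        session_id = secrets.token_hex(16)   # stands in for the zbx_session value
        token = secrets.token_hex(16)        # companion value set alongside it
        self._current[session_id] = token
        self._retired[session_id] = set()
        return session_id, token

    def request(self, session_id, token):
        """Return (status, next_token); status is 'ok', 'replay' or 'invalid'."""
        expected = self._current.get(session_id)
        if expected is None:
            return "invalid", None
        if hmac.compare_digest(expected, token):
            # Valid request: retire the token and hand out a fresh one.
            self._retired[session_id].add(expected)
            fresh = secrets.token_hex(16)
            self._current[session_id] = fresh
            return "ok", fresh
        if token in self._retired[session_id]:
            # A consumed token came back: two clients share this cookie.
            self.revoke(session_id)
            return "replay", None
        return "invalid", None

    def revoke(self, session_id):
        self._current.pop(session_id, None)
        self._retired.pop(session_id, None)


def simulate():
    """Constructed scenario: one browser logs in, a second client reuses its cookie pair."""
    store = SessionStore()
    sid, t0 = store.login()
    first, t1 = store.request(sid, t0)    # original browser, token rotates to t1
    second, _ = store.request(sid, t0)    # second client presents the copied pair
    third, _ = store.request(sid, t1)     # original browser after revocation
    return [first, second, third]
```

If the copied pair is used before the original browser's next request, that browser's stale token triggers the same revocation, so the session ends in either order. A frontend that issues parallel requests from one browser would need a short grace window for the previous token.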