Revive Adserver Team · Revive Adserver · CVE-2016-9125
**Name of the Vulnerable Software and Affected Versions**
Revive Adserver versions prior to 3.2.3
**Description**
The issue allows arbitrary session identifiers to be forced and does not invalidate the existing session upon successful authentication, potentially enabling an attacker to steal an authenticated session under certain circumstances.
**Recommendations**
For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue.