PT-2019-18555 · Zoneminder+2
Published: 2019-02-04 · Updated: 2020-02-17 · CVE-2019-7350
CVSS v3.1: 7.3 (High)
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
ZoneMinder versions prior to 1.32.3
Description
The issue allows an attacker to fixate their own session cookies on the next user who logs in, resulting in the hijacking of the victim's account. This happens because multiple cookies are generated upon successful login, and these sets of cookies overlap for successive logins.
Recommendations
For versions prior to 1.32.3, update to a version that contains a fix for this issue to prevent session fixation attacks.
Exploit
Fix
Session Fixation
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Zoneminder