Red Hat · Wildfly Elytron · CVE-2020-10714
**Name of the Vulnerable Software and Affected Versions**
WildFly Elytron versions 1.11.3.Final and earlier
**Description**
A flaw was found in WildFly Elytron when using FORM authentication with a session ID in the URL, allowing an attacker to perform a session fixation attack. This poses a threat to data confidentiality and integrity, as well as system availability.
**Recommendations**
For WildFly Elytron versions 1.11.3.Final and earlier, consider disabling the use of session IDs in URLs for FORM authentication until a patch is available. Restrict access to sensitive data and implement additional security measures to minimize the risk of session fixation attacks.
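As an added example (not code from WildFly Elytron or this advisory), a servlet filter that applies the recommendation above: it refuses any request whose session ID was supplied in the URL and rotates the session ID on the first authenticated request, so an ID planted before login stops resolving to the victim's session. It assumes a Servlet 4.0 (javax.servlet) web application deployed on WildFly; the filter class and the attribute name are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter name; added example, not code from WildFly Elytron.
@WebFilter("/*")
public class SessionFixationGuardFilter implements Filter {

    // Session attribute marking that the ID has already been rotated after login (constructed name).
    private static final String ROTATED = "SessionFixationGuardFilter.rotated";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // A session ID arriving in the URL (;jsessionid=...) is exactly what a fixation
        // attacker plants, so never honour it: discard that session and reject the request.
        if (request.isRequestedSessionIdFromURL()) {
            HttpSession planted = request.getSession(false);
            if (planted != null) {
                planted.invalidate();
            }
            response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "session IDs in the URL are not accepted");
            return;
        }

        // On the first authenticated request of a session, change the session ID so that any
        // ID an attacker learned before the victim logged in no longer maps to this session.
        // Done before the chain runs, so the new Set-Cookie reaches an uncommitted response.
        HttpSession session = request.getSession(false);
        if (request.getUserPrincipal() != null && session != null
                && session.getAttribute(ROTATED) == null) {
            request.changeSessionId(); // Servlet 3.1+: same session object, new identifier
            session.setAttribute(ROTATED, Boolean.TRUE);
        }

        chain.doFilter(request, response);
    }
}
```

The filter complements, rather than replaces, telling the container not to emit URL-encoded session IDs at all, which a `<session-config><tracking-mode>COOKIE</tracking-mode></session-config>` entry in web.xml does for Servlet 3.0 and later.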