Michael Greb

**Name of the Vulnerable Software and Affected Versions** AjaxTerm versions 0.10 and earlier **Description** The issue allows remote attackers to hijack a session or cause a denial of service due to session ID exhaustion via a brute-force attack. This is because session IDs are generated with predictable random numbers based on certain JavaScript functions. **Recommendations** For AjaxTerm versions 0.10 and earlier, consider updating to a version that generates session IDs with truly random numbers to prevent session hijacking and denial of service attacks. As a temporary workaround, consider implementing additional session validation mechanisms to minimize the risk of exploitation.