Rymsha

**Name of the Vulnerable Software and Affected Versions** Enonic XP versions less than 7.7.4 **Description** The issue is a session fixation problem that allows a remote and unauthenticated attacker to use prior sessions due to the lack of invalidating session attributes. This affects all id-providers using the lib-auth `login` method. **Recommendations** For Enonic XP versions less than 7.7.4, consider updating to version 7.7.4 or later to resolve the issue. As a temporary workaround, avoid using lib-auth for `login`, and instead use the Java API, which allows for invalidating previous sessions before auth-info is added.