PT-2012-6309 · Openstack · Openstack Dashboard

Published: 2012-06-05 · Updated: 2012-06-05

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

OpenStack Dashboard (Horizon) versions folsom-1 through 2012.1

Description

A session fixation issue allows remote attackers to hijack web sessions via the sessionid cookie.

Recommendations

For OpenStack Dashboard (Horizon) versions folsom-1 through 2012.1, consider regenerating session IDs upon user login to prevent session fixation attacks. As a temporary workaround, restrict access to sensitive operations that rely on session authentication until a patch is available.
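
The recommended fix, shown as an added example (not Horizon's code and not part of the original advisory): a login handler that keeps the pre-login sessionid beside one that regenerates it. The in-memory SessionStore and all function names are hypothetical, constructed for illustration.

```python
import secrets

class SessionStore:
    """Constructed in-memory store keyed by the sessionid cookie value."""
    def __init__(self):
        self._data = {}

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._data[sid] = {}
        return sid

    def get(self, sid):
        return self._data.get(sid)

    def rotate(self, old_sid):
        """Move session data to a fresh ID and invalidate the old one."""
        data = self._data.pop(old_sid, {})
        new_sid = secrets.token_urlsafe(32)
        self._data[new_sid] = data
        return new_sid

def login_fixable(store, sid, user):
    """Flawed pattern: the pre-login sessionid stays valid after login."""
    if store.get(sid) is None:
        sid = store.create()
    store.get(sid)["user"] = user
    return sid

def login_regenerating(store, sid, user):
    """Hardened pattern: issue a new sessionid at the privilege change."""
    sid = store.rotate(sid) if store.get(sid) is not None else store.create()
    store.get(sid)["user"] = user
    return sid

def authenticated_as(store, sid):
    session = store.get(sid)
    return session.get("user") if session else None

def demo():
    store = SessionStore()
    known = store.create()  # ID known to a third party before login
    kept = login_fixable(store, known, "alice")
    out = {"fixable_same_id": kept == known,
           "fixable_old_id_user": authenticated_as(store, known)}
    known2 = store.create()
    fresh = login_regenerating(store, known2, "alice")
    out["old_id_user"] = authenticated_as(store, known2)
    out["new_id_user"] = authenticated_as(store, fresh)
    return out
```

In Django, the framework Horizon is built on, the equivalent of rotate() is request.session.cycle_key().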

Related Identifiers

PYSEC-2012-33

Affected Products

Openstack Dashboard