PT-2017-12102 · Mt4 Networks · Mt4 Networks Senhasegura Web Application
Published: 2017-12-18 · Updated: 2018-01-12 · CVE-2017-11562
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MT4 Networks SenhaSegura Web Application version 2.2.23.8
Description
A Session Fixation issue exists in the login functionality of the affected application, specifically via the "login if.php" endpoint.
Recommendations
For version 2.2.23.8, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider implementing additional validation and regeneration of session IDs upon successful login to mitigate the risk of session fixation attacks.
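One way to apply the workaround above in a PHP login handler, as an added example that is not SenhaSegura's code. The `login()` helper, the session keys and the constructed user table are assumptions, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Added illustration, not SenhaSegura code. login(), the session keys and
// the user table are hypothetical; the password below is constructed.

// "Additional validation": refuse session IDs the server never issued and
// accept IDs from cookies only, never from the URL.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

function login(string $user, string $pass, array $users): bool
{
    $hash = $users[$user] ?? null;
    if ($hash === null || !password_verify($pass, $hash)) {
        return false; // failed login: the session stays unauthenticated
    }
    // Regenerate at the privilege boundary. Passing true deletes the old
    // session data, so an ID that was set before login stops being valid.
    if (!session_regenerate_id(true)) {
        return false;
    }
    // Discard any pre-login state and record the authenticated identity.
    $_SESSION = ['user' => $user, 'authenticated_at' => time()];
    return true;
}

// Constructed sample account for the demonstration.
$users = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = login((string)($_POST['user'] ?? ''), (string)($_POST['pass'] ?? ''), $users);
    http_response_code($ok ? 204 : 401);
}
```

A quick check after deploying a change like this is to compare the session cookie value before and after a successful login: the two must differ, and the pre-login value must no longer map to a session.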
Fix
Session Fixation
Affected Products
Mt4 Networks Senhasegura Web Application