PT-2019-18555 · Zoneminder+2
Published: 2019-02-04 · Updated: 2020-02-17
CVE-2019-7350
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
ZoneMinder versions prior to 1.32.3
Description
The issue allows an attacker to fixate their own session cookies on the next user who logs in, resulting in the hijacking of the victim's account. This happens because multiple cookies are generated upon successful login, and these sets of cookies overlap for successive logins.
Recommendations
For versions prior to 1.32.3, update to a version that contains a fix for this issue to prevent session fixation attacks.
Exploit
Fix
Session Fixation
Affected Products
Alt Linux
Debian
Zoneminder