PT-2020-16792 · Citadel · Citadel Webcit
Published 2020-10-28 · Updated 2020-11-04 · CVE-2020-27739
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Citadel WebCit versions prior to 926
Description
A Weak Session Management issue allows unauthenticated remote attackers to hijack the sessions of users who recently logged in. This was reported to the vendor in a publicly archived thread titled "Multiple Security Vulnerabilities in WebCit 926".
Recommendations
For Citadel WebCit versions prior to 926, consider temporarily restricting session management functionality until a patch is available.
As a temporary workaround, restrict access to session-related features to minimize the risk of exploitation.
Avoid using session-related parameters in affected API endpoints until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Insufficient Session Expiration
Weakness Enumeration
Related Identifiers
Affected Products
Citadel Webcit