CVE-2018-16495

Name of the Vulnerable Software and Affected Versions VOS (affected versions not specified)

Description The issue arises because a user session identifier (authentication token) is issued to the browser before authentication and is not updated after a successful login. This oversight allows an attacker to potentially set up a trap session on a device that the victim is likely to use for login.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.