Session Identifier Not Updated

Asked Jun 27 '14 at 11:49

Active Jul 01 '14 at 14:05

Viewed 55 times

I'm working on open-source application "Project-Open" and during the scanning I got the following vulnerability:

[Medium] Session Identifier Not Updated
Issue: 13800882
Severity: Medium
URL: https://<server_name>/register/
Risk(s): It is possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user,allowing the hacker to view or alter user records, and to perform transactions as that user
Fix: Do not accept externally created session identifiers

though the fix is mentioned but it is not sufficient for me to understand it completely.please guide me how should I remove this.Also let me know if any further details are needed to understand the question. P.S. the code is in tcl

edited Jul 01 '14 at 14:05

Donal Fellows

133,037
18
149
215

asked Jun 27 '14 at 11:49

VijayD

2

Not enough information. You found a vulnerability, but didn't mention in what kind of software. – schlenk Jun 27 '14 at 17:50
[`]project open[`](http://www.project-open.com/) is a big suite of things; it's too hard for us to guess how to help with what you've said so far. – Donal Fellows Jun 28 '14 at 12:18
@DonalFellows let me know what else you want to know... – VijayD Jun 30 '14 at 11:05

Session Identifier Not Updated

0 Answers0