Description
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.
References
- Exploit, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:backclick:backclick:5.9.63:*:*:*:professional:*:*:*
EPSS: 0.00383 (Low)
Percentile: 59%
CVSS3: 8.8 High
Weaknesses
CWE-384
Related vulnerabilities
CVSS3: 8.8
github
about 3 years ago
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.