Revive Adserver prior to 3.2.3 suffers from session fixation: it allows arbitrary session identifiers to be forced and, at the same time, does not invalidate the existing session upon successful authentication. Under some circumstances, that could have been an opportunity for a malicious user to steal an authenticated session.
Vulnerable Product |
---|
revive-adserver revive adserver |
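The two conditions named in the description (accepting a session identifier the server never issued, and keeping the pre-login identifier after authentication) can be modelled with a small in-memory session store. This is an added illustration, not Revive Adserver code; the class, method names and the planted identifier are hypothetical and constructed for the example.

```python
import secrets

class SessionStore:
    """Minimal in-memory session manager (illustrative model, not Revive Adserver code)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}  # session id -> {"user": name or None}

    def _new_id(self):
        return secrets.token_hex(16)

    def open(self, client_sid=None):
        """Return the session id to use for a request that carried client_sid."""
        if client_sid in self.sessions:
            return client_sid
        if client_sid is not None and not self.hardened:
            # Flaw 1: an identifier the server never issued is adopted as-is.
            self.sessions[client_sid] = {"user": None}
            return client_sid
        # Hardened: unknown or missing ids are replaced by a server-generated one.
        sid = self._new_id()
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Authenticate the session; return the id the client must use afterwards."""
        if not self.hardened:
            # Flaw 2: the pre-login identifier stays valid after authentication.
            self.sessions[sid]["user"] = user
            return sid
        # Hardened: invalidate the pre-login session and issue a fresh identifier.
        del self.sessions[sid]
        new_sid = self._new_id()
        self.sessions[new_sid] = {"user": user}
        return new_sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")

def fixed_id_is_authenticated(store, planted_sid="constructed-fixed-id"):
    """A planted id reaches a user who then logs in; is the planted id now authenticated?"""
    victim_sid = store.open(planted_sid)
    store.login(victim_sid, "admin")
    return store.user_for(planted_sid) == "admin"
```

Rotating the identifier at login also covers the case where the pre-login identifier was legitimately issued by the server, since the old identifier no longer maps to any session.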