Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 09/01/2020 Updated: 17/01/2020

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

In Pow (Hex package) prior to 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powauth pow

CWE-384 https://github.com/danschultzer/pow/security/advisories/GHSA-v2wf-c3j6-wpvw https://github.com/danschultzer/pow/commit/578ffd3d8bb8e8a26077b644222186b108da474f https://github.com/danschultzer/pow/blob/master/CHANGELOG.md#v1016-2020-01-07 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-5205

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect