Menu

#8 Security issue in session id generation mechanism

v1.0_(example)
accepted
Д Рогаткин
Security issue (1) Session Hijacking (1)
9
2014-05-21
2014-05-19
Anonymous
No

Hi Dmitriy! Hi all!

I inspected code of TJWS and found security vulnerability in session id generation mechanism that lead to session hijacking attack. I sent all details to jAddressBook@gmail.com email as specified on http://tjws.sourceforge.net/ website.

Let me know if you have questions.

Discussion

  • Д Рогаткин

    Д Рогаткин - 2014-05-21

    Build 106 made it less predictable

     

  • Д Рогаткин

    Д Рогаткин - 2014-05-21
    • status: open --> accepted
     

Anonymous
Anonymous

Add attachments
Cancel





MongoDB Logo MongoDB