Date: Fri, 22 Mar 2024 21:53:27 +0530
From: YOGESH BHANDAGE <yogeshbhandage@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Application is Vulnerable to Session Fixation

*Vulnerability Name:* Application is Vulnerable to Session Fixation

*Vulnerable URL:* www.fusionpbx.com


*Overview of the Vulnerability*
Session fixation is a vulnerability in which an attacker chooses, or learns
in advance, the session identifier a user will later authenticate with. If
the application keeps that same identifier after a successful login, the
attacker already holds a valid authenticated session without having to steal
anything after the fact. The identifier is typically planted by tricking the
user into following a link or visiting a page that sets it, or by setting the
cookie directly in a browser the user will log in from (for example a shared
machine).


*Steps to Reproduce*
Step 1: Open two browsers. Before logging in, copy the "PHPSESSID" cookie
from Browser 1 and set it as the PHPSESSID cookie in Browser 2.
Step 2: Log in in Browser 1 with valid credentials.
Step 3: In Browser 2, refresh the page or open this URL (
https://www.fusionpbx.com/app/account/home.php)
Step 4: Browser 2 is now logged in although no credentials were entered in
it: the session ID issued before authentication remained valid after login.


*Impact of Vulnerability:*
Anyone who knows, or can plant, the PHPSESSID a user will log in with gains
full access to that user's account the moment the login completes, without
ever seeing the credentials. No post-login cookie theft is needed: a short
script that sets the cookie, or a few minutes at a shared or borrowed browser
before the victim signs in, is enough. The attacker need not be remote; a
colleague or acquaintance with brief access to the victim's browser can do it.


*Mitigation:* Manage sessions properly. The root cause is that the session
identifier issued before authentication is kept after a successful login, and
that the session is not fully destroyed on the server when the user logs out.
On every successful login the application must issue a new, unpredictable
session ID (in PHP, session_regenerate_id(true) immediately after the
credential check) and discard the old one; on logout it must destroy the
server-side session, not only the client cookie.
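The following Python is an added example, not FusionPBX code and not part of the original report. It models the two-browser reproduction in the steps above and both halves of the mitigation: `PhpStyleApp` is a constructed stand-in for a PHP application that keeps state behind a PHPSESSID cookie, its `regenerate_on_login` and `destroy_on_logout` switches are hypothetical, and the `alice` account and password are made up. `is_fixation_vulnerable()` performs steps 1 to 4 against an app instance; `old_cookie_survives_logout()` replays a pre-logout cookie to check the logout side.

```python
"""Session-fixation check and fix, modelled on the two-browser steps above.
Added example, not FusionPBX code; PhpStyleApp, its switches and the test
account are constructed for the demonstration."""
import secrets

USERS = {"alice": "correct horse"}  # constructed test account


class Browser:
    """Cookie jar standing in for one browser profile."""

    def __init__(self):
        self.cookies = {}


class PhpStyleApp:
    """Minimal server keeping sessions in a dict keyed by PHPSESSID.

    regenerate_on_login=False reproduces the reported behaviour: the ID
    issued before authentication stays valid after login. True is the fix
    (fresh ID on login, old one deleted, as session_regenerate_id(true) does
    in PHP). destroy_on_logout=False models a logout that clears the cookie
    but leaves the server-side session alive.
    """

    COOKIE = "PHPSESSID"

    def __init__(self, regenerate_on_login, destroy_on_logout=True):
        self.regenerate_on_login = regenerate_on_login
        self.destroy_on_logout = destroy_on_logout
        self.sessions = {}  # sid -> per-session data

    def _session_for(self, browser):
        """Like PHP session_start(): accept a known ID, otherwise mint one."""
        sid = browser.cookies.get(self.COOKIE)
        if sid is None or sid not in self.sessions:
            sid = secrets.token_hex(16)
            self.sessions[sid] = {}
            browser.cookies[self.COOKIE] = sid
        return sid

    def get_home(self, browser):
        """GET /app/account/home.php: 200 when authenticated, else 302."""
        sid = self._session_for(browser)
        return 200 if "user" in self.sessions[sid] else 302

    def post_login(self, browser, username, password):
        """POST the login form: 200 on success, 401 on bad credentials."""
        sid = self._session_for(browser)
        if USERS.get(username) != password:
            return 401
        if self.regenerate_on_login:
            # New ID, old one deleted: an ID planted before login is now useless.
            new_sid = secrets.token_hex(16)
            self.sessions[new_sid] = self.sessions.pop(sid)
            browser.cookies[self.COOKIE] = new_sid
            sid = new_sid
        self.sessions[sid]["user"] = username
        return 200

    def post_logout(self, browser):
        """Logout: clear the cookie and, if configured, the server-side session."""
        sid = browser.cookies.pop(self.COOKIE, None)
        if self.destroy_on_logout:
            self.sessions.pop(sid, None)
        return 302


def is_fixation_vulnerable(app):
    """Steps 1-4 of the report. Browser 1 is the victim, Browser 2 the
    attacker, who copies the victim's pre-login PHPSESSID; after the victim
    logs in, the question is whether the copied ID opens the account page."""
    victim, attacker = Browser(), Browser()
    app.get_home(victim)  # victim is issued a pre-authentication PHPSESSID
    attacker.cookies[app.COOKIE] = victim.cookies[app.COOKIE]  # step 1
    if app.get_home(attacker) != 302:
        raise RuntimeError("copied ID must not be authenticated before login")
    if app.post_login(victim, "alice", "correct horse") != 200:  # step 2
        raise RuntimeError("test login failed")
    return app.get_home(attacker) == 200  # steps 3-4


def old_cookie_survives_logout(app):
    """Logout half of the mitigation: log in, log out, replay the old cookie."""
    b = Browser()
    app.post_login(b, "alice", "correct horse")
    sid = b.cookies[app.COOKIE]
    app.post_logout(b)
    b.cookies[app.COOKIE] = sid  # replay the pre-logout cookie
    return app.get_home(b) == 200


if __name__ == "__main__":
    for hardened in (False, True):
        app = PhpStyleApp(hardened, destroy_on_logout=hardened)
        print(f"hardened={hardened}: fixation={is_fixation_vulnerable(app)}, "
              f"logout replay={old_cookie_survives_logout(app)}")
```

Against a real target the same two checks are run with an HTTP client: record PHPSESSID before login, log in, and confirm the Set-Cookie on the login response carries a different value and that the old value no longer reaches home.php; then log out and replay the authenticated cookie.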


------------------------------------------------------------------------------------------------------


*Fix implemented by the FusionPBX development team (GitHub commits):*
https://github.com/fusionpbx/fusionpbx/commit/50220d7a0674fae944a1e16fab7a8517cdc51a9e
https://github.com/fusionpbx/fusionpbx/commit/560a51cff710df12c863de53c4c8289e1516dae8
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/