Bugtraq: Re: Joomla: Session hijacking vulnerability, CVE-2008-4122

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Joomla: Session hijacking vulnerability, CVE-2008-4122

From: darkz.gsa () gmail com
Date: Thu, 18 Dec 2008 04:40:40 -0700

Yes, I can reproduce this behavior. The application should reinitialize the cookie after the login but instead it will 
keep the previous cookie. An interesting thing this is valid only for the login_module, the administrator login page 
does not automatically redirect to HTTPS by configuration.

By Date By Thread

Current thread:

Joomla: Session hijacking vulnerability, CVE-2008-4122 Hanno Böck (Dec 16)
- <Possible follow-ups>
- Re: Joomla: Session hijacking vulnerability, CVE-2008-4122 darkz . gsa (Dec 18)