Insecure Session Management in Zenoss Core before 4.2.5 SP161 (ZEN-12691)

Insecure Session Management in Zenoss Core before 4.2.5 SP161 (ZEN-12691)

CVE-2014-9386 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691.

Learn more about our Web Application Penetration Testing UK.