Session Fixation Vulnerability in Mahara 15.04 and 15.10

Session Fixation Vulnerability in Mahara 15.04 and 15.10

CVE-2017-1000150 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.

Learn more about our User Device Pen Test.