Session Cookie Retention Vulnerability in FreeIPA 4.5.0 and Later
CVE-2019-14826 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
Learn more about our Web Application Penetration Testing UK.