Session Cookie Retention Vulnerability in FreeIPA 4.5.0 and Later

Session Cookie Retention Vulnerability in FreeIPA 4.5.0 and Later

CVE-2019-14826 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

Learn more about our Web Application Penetration Testing UK.