Cookie-based Session Hijacking Vulnerability

Cookie-based Session Hijacking Vulnerability

CVE-2023-41089 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.

Learn more about our User Device Pen Test.