The vulnerability could allow attackers to carry out Session Fixation attacks.
Security researcher Rishi Narang discovered vulnerabilities that an attacker could use to break into user accounts on Microsoft, Twitter, LinkedIn and Yahoo. According to experts, the vulnerability could allow a Session Fixation attack and is caused by an error in the handling of session cookies.
If hackers intercept an authorization cookie, they can use it to break into the account, because the cookie remains valid even after the user has logged out of the site.
According to Narang, the session authorization ID remains usable even after the session has been ended. He also said that there are cases where such a cookie can be used to take over an authenticated session for several days or even months. As a result, attackers can gain access to user accounts, and even if the users repeatedly log in and out of their accounts, the cookie remains valid.
Rishi Narang added that the vulnerability does not affect Google and Facebook accounts.
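The two weaknesses the article describes, a session ID that is not rotated at login (the fixation part) and a cookie that the server keeps honouring after logout, both come down to how the server-side session store is handled. The following is an added illustration, not code from the article or from Narang's research, and it makes no claim about how any of the named sites implement sessions. It uses a constructed in-memory store and hypothetical method names (`login`, `logout_client_only`, `logout`) to contrast the weak logout, which only tells the browser to drop the cookie, with a hardened one that invalidates the record on the server, and to show that a fresh ID is issued when a user authenticates.

```python
import secrets
import time


class SessionStore:
    """Constructed in-memory session store for this example. A real deployment
    would keep the same semantics in a server-side store (database, cache)."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}  # session_id -> {"user": str | None, "expires": float}

    def _new_entry(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "expires": time.time() + self.ttl}
        return sid

    def start_anonymous(self):
        """Session a browser holds before authentication (e.g. for a shopping cart)."""
        return self._new_entry(None)

    def login(self, user, presented_session_id=None):
        """Authenticate `user` and return a fresh session ID.

        Whatever ID the client presented before login is discarded, so an ID that
        a third party managed to plant in the browser (session fixation) never
        becomes an authenticated session.
        """
        self._sessions.pop(presented_session_id, None)
        return self._new_entry(user)

    def resolve(self, sid):
        """Return the user for a valid session ID, or None if unknown, anonymous or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if entry["expires"] < time.time():
            del self._sessions[sid]  # lazy expiry
            return None
        return entry["user"]

    def logout_client_only(self, sid):
        """Weak pattern described in the article: the browser is told to drop the
        cookie, but the server-side record survives, so a copied cookie keeps working."""
        return "Set-Cookie: session=; Max-Age=0; Path=/"

    def logout(self, sid):
        """Hardened logout: invalidate on the server first, then clear the cookie."""
        self._sessions.pop(sid, None)
        return "Set-Cookie: session=; Max-Age=0; Path=/"


def demo():
    """Walk through both behaviours and return (rotated, weak_logout_leaks, hardened_logout_leaks)."""
    store = SessionStore()
    anon_sid = store.start_anonymous()            # ID held before authentication
    sid = store.login("alice", presented_session_id=anon_sid)
    rotated = sid != anon_sid and store.resolve(anon_sid) is None

    copied_cookie = sid                            # a copy taken while alice was logged in
    store.logout_client_only(sid)
    weak_logout_leaks = store.resolve(copied_cookie) == "alice"

    store.logout(sid)
    hardened_logout_leaks = store.resolve(copied_cookie) == "alice"
    return rotated, weak_logout_leaks, hardened_logout_leaks


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The point to check in any session implementation is the middle value: if `resolve` still returns a user after logout, a cookie copied during the session outlives it, which is exactly the condition the article reports. Pair server-side invalidation with a bounded lifetime (`ttl_seconds` here) so that even a session the user never explicitly ends does not stay valid for months.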