Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki

V3 - Session Management

Session Fixation for Concurrent Sessions

POC

  1. Log in as user A and observe the session ID issued to that user
  2. Log out, then log in as user B from the same browser and observe the session ID issued to that user
  3. Observe that the same session ID is reused for the next user: the application neither invalidates the identifier on logout nor issues a fresh one on login
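The following is an added example, not code from Cobalt or from the wiki: a minimal in-memory session store (hypothetical, with an assumed `SessionStore` class and `check_session_rotation` helper) that can be configured either to keep the client's session ID across logout and login, reproducing the weakness the steps above describe, or to invalidate the session on logout and issue a fresh ID on login, which is the mitigation. The check function replays the three steps and reports whether the second user inherited the first user's identifier.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    # Authenticated principal bound to this session ID, or None if anonymous.
    user: Optional[str] = None


class SessionStore:
    """Hypothetical cookie-backed session store (added example, not Cobalt's code).

    rotate_on_auth=False reproduces the wiki's finding: the session ID the
    client already holds survives logout and the next login, so user B is
    served under the identifier previously observed for user A.
    rotate_on_auth=True applies the mitigation: destroy the session on logout
    and bind the newly authenticated user to a freshly generated ID.
    """

    def __init__(self, rotate_on_auth: bool) -> None:
        self.rotate_on_auth = rotate_on_auth
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _new_id() -> str:
        # 256 bits from the OS CSPRNG; not guessable or derivable from prior IDs.
        return secrets.token_urlsafe(32)

    def _get_or_create(self, cookie: Optional[str]) -> str:
        # Anonymous pre-auth session: issue one only if the client has none we know.
        if cookie is None or cookie not in self._sessions:
            sid = self._new_id()
            self._sessions[sid] = Session()
            return sid
        return cookie

    def login(self, cookie: Optional[str], user: str) -> str:
        sid = self._get_or_create(cookie)
        if self.rotate_on_auth:
            # Mitigation: retire the pre-auth identifier and bind the
            # authenticated state to a new one, so an ID that was ever
            # observed before authentication is never reused afterwards.
            self._sessions.pop(sid, None)
            sid = self._new_id()
        self._sessions[sid] = Session(user=user)
        return sid

    def logout(self, cookie: str) -> None:
        if cookie not in self._sessions:
            return
        if self.rotate_on_auth:
            # Server-side invalidation: the ID can no longer be presented.
            del self._sessions[cookie]
        else:
            # Weak behaviour: only the user field is cleared, the ID stays valid.
            self._sessions[cookie].user = None

    def whoami(self, cookie: str) -> Optional[str]:
        session = self._sessions.get(cookie)
        return session.user if session else None


def check_session_rotation(store: SessionStore) -> Dict[str, object]:
    """Replay the three POC steps and report whether the session ID was reused."""
    browser_cookie: Optional[str] = None  # fresh client, no cookie yet
    sid_a = store.login(browser_cookie, "userA")   # step 1
    store.logout(sid_a)                            # step 2: log out ...
    sid_b = store.login(sid_a, "userB")            # ... browser still presents the old cookie
    return {"userA": sid_a, "userB": sid_b, "reused": sid_a == sid_b}


if __name__ == "__main__":
    for rotate in (False, True):
        result = check_session_rotation(SessionStore(rotate_on_auth=rotate))
        print(f"rotate_on_auth={rotate}: reused={result['reused']}")
```

Against the weak configuration the report shows `reused=True`: the identifier user A held is now authenticated as user B, so anyone who recorded it while it belonged to user A can act as user B. With rotation enabled the two IDs differ and the first one is no longer recognised by the server at all, which is what a fix for this finding should be verified against.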

Impact

Medium

Likelihood

Low