V3 - Session Management
Session Fixation for Concurrent Sessions
POC
- Log in as userA and record the sessionID issued to that user
- Log out, then log in as userB and record the sessionID issued to that user
- Observe that the same sessionID is used for the next user
Impact
Medium
Likelihood
Low
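
The POC above can be replayed against a toy in-memory session store to show the weak behaviour beside the corrected one. This is an added example, not code from the tested application; `SessionStore`, `replay_poc` and the `rotate` switch are hypothetical names chosen for the illustration.

```python
import secrets


class SessionStore:
    """Toy server-side session store (assumed model, not the tested app).

    rotate=False reproduces the finding; rotate=True is the corrected behaviour.
    """

    def __init__(self, rotate):
        self.rotate = rotate
        self.sessions = {}  # session ID -> username (None = not logged in)

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        if sid not in self.sessions:
            sid = self.new_session()  # unknown or invalidated ID: never adopt it
        if self.rotate:
            del self.sessions[sid]    # discard the pre-login ID
            sid = self.new_session()  # issue a fresh ID on every authentication
        self.sessions[sid] = user
        return sid

    def logout(self, sid):
        if self.rotate:
            self.sessions.pop(sid, None)  # invalidate the session server-side
        else:
            self.sessions[sid] = None     # weak: user cleared, ID stays valid
        return sid  # the browser still holds the old cookie value

    def whoami(self, sid):
        return self.sessions.get(sid)


def replay_poc(store):
    """Run the three POC steps from one browser and report what was observed."""
    cookie = store.new_session()
    sid_a = store.login(cookie, "userA")   # step 1: log in as userA
    cookie = store.logout(sid_a)           # step 2: log out ...
    sid_b = store.login(cookie, "userB")   # ... and log in as userB
    return {
        "same_session_id": sid_a == sid_b,          # step 3: the finding
        "old_id_resolves_to": store.whoami(sid_a),  # who userA's old ID maps to
    }
```

With `rotate=False` the sessionID recorded for userA is the one userB ends up authenticated under; with `rotate=True` the old ID is dead after logout and userB gets a new one.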